Vulnerability Management, Network Security

F5 products impacted by several flaws

Rapid7 researchers have identified numerous security issues impacting different F5 products, two of which are high-severity remote code execution flaws, reports SecurityWeek. The most severe vulnerability, a cross-site request forgery issue tracked as CVE-2022-41622, affects F5's BIG-IP and BIG-IQ products. Threat actors could leverage the bug to gain root access to management interfaces even on devices not connected to the internet, as long as they are aware of the targeted network. "If exploited, the vulnerability can compromise the complete system," said F5. Exploitation of the second RCE bug, tracked as CVE-2022-41800, could allow arbitrary shell command execution through RPM specification files. Rapid7 also discovered other security issues, including two SELinux bypass techniques and a local privilege escalation bug through bad Unix socket permissions, and noted the low odds of widespread exploitation. F5 has already issued engineering hotfixes for the security concerns.
