#f5-big-ip

from SecurityWeek
5 days ago

F5 Patches Over 50 Vulnerabilities

The most severe of the resolved issues is CVE-2026-42945 (CVSS v4.0 score of 9.2), a denial-of-service (DoS) condition in NGINX's ngx_http_rewrite_module module. The bug allows an unauthenticated attacker to send crafted HTTP requests that, combined with certain conditions beyond the attacker's control, could trigger a heap buffer overflow and a restart. If Address Space Layout Randomization (ASLR) is disabled, the flaw can be exploited for code execution.
Information security
#cybersecurity
Information security
from SecurityWeek
1 month ago

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

CISA warns of exploitation of a critical F5 BIG-IP vulnerability, CVE-2025-53521, allowing remote code execution on affected systems.
from The Hacker News
6 months ago

Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

F5 Exposed to Nation-State Breach - F5 disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. The company said it learned of the incident on August 9, 2025, although it's believed that the attackers were in its network for at least 12 months.
Information security
Science
from The Register
7 months ago

CISA exec blames hackers, Democrats for network risk

Exploitable vulnerabilities in F5 BIG-IP devices create imminent risk of lateral access and full compromise of US federal networks; urgent patches and inventories are required.