F5 Networks has issued a warning about a high-severity format string vulnerability in BIG-IP.
The flaw can be used to cause a denial of service (DoS) and may allow an authenticated attacker to execute arbitrary code. Affected releases are F5 BIG-IP 17.0.0, 16.1.2.2 through 16.1.3, 15.1.5.1 through 15.1.8, 14.1.4.6 through 14.1.5, and 13.1.5.
Impact of the Vulnerability
An attacker with network access to iControl SOAP through the BIG-IP management port and/or self IP addresses may be able to execute arbitrary system commands or crash the iControl SOAP CGI process (a DoS). To exploit the command execution path successfully, the attacker must first gather information about the environment in which the vulnerable component runs; a crash needs no such knowledge.
F5 emphasizes that this vulnerability affects the control plane only and that there is no data plane exposure. The advisory also carries F5's usual note on Appliance mode, which is either enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances.
Exploitation Techniques
According to F5, an attacker can crash the service with the '%s' specifier, which makes the formatting routine treat whatever happens to be on the stack as a pointer to a string, or use the '%n' specifier, which stores the number of characters output so far through a pointer taken from the stack, to write attacker-chosen values into memory and potentially gain remote code execution. Both paths abuse the same root cause: attacker-supplied text reaching a printf-style function as its format argument instead of as a data argument. The crash is trivial to trigger, whereas a useful '%n' write requires knowing the stack layout, which is why the advisory says command execution needs information about the target environment.
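The following C program is an added illustration of the bug class, not BIG-IP or iControl SOAP code: a small request logger (the hypothetical logmsg, handle_request_vulnerable and handle_request_fixed functions are constructed for this example) stands in for the CGI process. It shows the vulnerable pattern beside its fix, what a '%n' write does when the pointer is supplied legitimately (so the program stays well-defined and runnable), and a boundary check that counts directives in untrusted input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of CWE-134; none of this is BIG-IP code.
 * A tiny request logger stands in for the CGI process: it formats a line
 * into logbuf the way a real handler would format into a log or a response. */
static char logbuf[256];

static const char *logmsg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(logbuf, sizeof logbuf, fmt, ap);
    va_end(ap);
    return logbuf;
}

/* VULNERABLE: attacker text is the format string. Every '%' directive in
 * `user` is interpreted: "%s" dereferences a stack word as a char* (crash),
 * "%n" writes through a stack word (memory corruption). Benign input such as
 * "hello" behaves normally, which is why this pattern survives testing. */
static const char *handle_request_vulnerable(const char *user)
{
    return logmsg(user);
}

/* FIXED: user text is only ever a %s argument, so its '%' characters are data. */
static const char *handle_request_fixed(const char *user)
{
    return logmsg("request from %s", user);
}

/* What %n actually does, with the target pointer supplied legitimately.
 * "%*x" pads the output to `val` characters, then "%n" stores the count of
 * characters emitted so far into *target: the attacker picks the written
 * value by picking the width. In a real exploit the pointer is whatever
 * word "%n" finds on the stack, which is why turning this into code
 * execution requires knowledge of the stack layout. */
static int forge_write(int val)
{
    int target = 0;
    char scratch[4096];
    if (val < 0 || val >= (int)sizeof scratch)
        return -1;                  /* keep the demo inside the buffer */
    snprintf(scratch, sizeof scratch, "%*x%n", val, 0u, &target);
    return target;
}

/* Defensive check for untrusted input that might reach a format function:
 * counts real directives, treating "%%" as an escaped literal percent.
 * A non-zero count is worth rejecting or alerting on at the request boundary. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* "%%" is a literal '%' */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Hostile input is harmless once it is a %s argument. */
    printf("fixed handler  : %s\n", handle_request_fixed("%n%n%n"));
    /* Benign input hides the bug in the vulnerable handler. */
    printf("vulnerable     : %s\n", handle_request_vulnerable("hello"));
    printf("forged %%n write: %d\n", forge_write(65));
    printf("directives in \"%%s%%s%%n\": %d\n", count_directives("%s%s%n"));
    return 0;
}
```

Compiling with -Wall -Wformat -Wformat-security, and adding __attribute__((format(printf, 1, 2))) to logmsg, makes GCC and Clang flag the logmsg(user) call at build time; that attribute is the cheapest check to add to any printf-style wrapper in your own code.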
Identification and Solution
F5 Product Development has assigned this issue ID 1208001 (BIG-IP) and classified it as Use of Externally-Controlled Format String (CWE-134). To see whether your product and version were tested for this vulnerability, check the "Evaluated products" box in the advisory; if your release is listed as vulnerable, the advisory also indicates which components or features are affected. BIG-IP iHealth can also detect this vulnerability on BIG-IP and BIG-IQ systems.
Conclusion
The format string vulnerability in BIG-IP is a serious threat to system stability and, through the code execution path, to the control plane as a whole, so it should not be taken lightly. If your BIG-IP system is vulnerable, address the issue promptly to minimize the risk of an attack, and until a fixed release is applied, limit who can reach iControl SOAP on the management port and self IP addresses to trusted networks and accounts. The tools and resources F5 provides let you assess your system and take the appropriate action to secure it.