Brace for impact
Networking and application delivery technology vendor F5 has fixed a pair of high-impact, web security-related vulnerabilities.
The vulnerability – tracked as CVE-2022-23008 – earns a CVSS score of 8.7, marking it out as the highest-severity flaw in F5’s latest patch batch.
Successful exploitation of the flaw would allow an attacker to read and/or write files on the NGINX data plane instance. The vulnerability was discovered internally by F5.
Users are advised to upgrade to version 3.19.1.
BIG-IP load balancer
The flaw earns a CVSS score of 7.5, marking it out as another high-severity threat. The issue was also discovered internally by engineers from F5.
F5’s latest quarterly patch batch addresses a total of 15 ‘high’ severity vulnerabilities, nine ‘medium’ risk flaws, and one ‘low’ severity bug. Many of the flaws involve memory handling or system-crash (denial-of-service) risks.
A full breakdown of the content of the patches, released last Wednesday (January 19), together with suggested remediation advice, can be found in F5’s related security advisory.