Plug'n Play Firewall Security Vulnerabilities

f5

K000138640 : Perl vulnerability CVE-2023-47038

Security Advisory Description A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. (CVE-2023-47038) Impact This vulnerability could allow a local...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-02-17 12:00 AM
11
f5

K000138641 : cURL vulnerability CVE-2023-46219

Security Advisory Description When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. (CVE-2023-46219) Impact An attacker with a network position that allows...

5.3CVSS

6.3AI Score

0.001EPSS

2024-02-17 12:00 AM
17
thn

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being...

10CVSS

9AI Score

0.971EPSS

2024-02-16 03:42 PM
51
ibm

Security Bulletin: Due to use of Apache Tomcat, App Connect Professional is vulnerable to HTTP request smuggling.

Summary App Connect Professional has addressed the following vulnerability reported in Apache Tomcat. (CVE-2023-46589) Vulnerability Details ** CVEID: CVE-2023-46589 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By...

7.5CVSS

7.9AI Score

0.005EPSS

2024-02-16 01:15 PM
9
thn

Why We Must Democratize Cybersecurity

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater.....

9.8CVSS

9.4AI Score

0.074EPSS

2024-02-16 10:50 AM
25
thn

U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...

9.8CVSS

9.8AI Score

0.915EPSS

2024-02-16 06:49 AM
25
rapid7blog

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source....

10CVSS

8.6AI Score

0.971EPSS

2024-02-15 07:38 PM
14
qualysblog

Ransomware Reality Check: Deciphering Priorities in a Sea of Cyber Extortion

Welcome to a critical exploration of the 2023 Cyber Vulnerability Landscape, with a specific focus on the escalating threat of ransomware. I have previously shared the broader results we found in evaluating the 2023 threat landscape; this is now a deeper dive into what the data reveals...

8.5AI Score

2024-02-15 04:36 PM
13
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...

10CVSS

9AI Score

0.154EPSS

2024-02-15 04:21 PM
15
ibm

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...

9.8CVSS

10AI Score

EPSS

2024-02-15 01:15 PM
13
talosblog

TinyTurla Next Generation - Turla APT spies on Polish NGOs

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we're calling "TinyTurla-NG" (TTNG) is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation....

8.3AI Score

2024-02-15 01:00 PM
6
ics

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

7.5AI Score

0.001EPSS

2024-02-15 12:00 PM
8
ics

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.8AI Score

0.002EPSS

2024-02-15 12:00 PM
5
ics

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F/iQ-R Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

5.3CVSS

5.3AI Score

0.001EPSS

2024-02-15 12:00 PM
15
thn

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS....

6.7AI Score

2024-02-15 09:31 AM
21
f5

K000138628 : python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752

Security Advisory Description CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity....

5.7CVSS

7.1AI Score

0.001EPSS

2024-02-15 12:00 AM
14
nessus

Palo Alto Networks PAN-OS 10.2.x < 10.2.4 / 11.0.x < 11.0.1 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.4 or 11.0.x prior to 11.0.1. It is, therefore, affected by a vulnerability. An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a...

6.3CVSS

7.2AI Score

0.0004EPSS

2024-02-15 12:00 AM
10
nessus

Palo Alto Networks PAN-OS 8.1.x < 8.1.25 / 9.0.x < 9.0.17 / 9.1.x < 9.1.16 / 10.0.x < 10.0.11 / 10.1.x < 10.1.6 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.25 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.16 or 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.6. It is, therefore, affected by a vulnerability. A cross-site scripting (XSS) vulnerability in Palo...

6.8CVSS

5.8AI Score

0.0004EPSS

2024-02-15 12:00 AM
5
nessus

Palo Alto Networks PAN-OS 9.0.x < 9.0.17-h4 / 9.1.x < 9.1.17 / 10.1.x < 10.1.12 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.17-h4 or 9.1.x prior to 9.1.17 or 10.1.x prior to 10.1.12. It is, therefore, affected by a vulnerability. A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo...

4.3CVSS

5.9AI Score

0.0004EPSS

2024-02-15 12:00 AM
11
f5

K000138629 : Python vulnerability CVE-2022-48560

Security Advisory Description A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560) Impact There is no impact; F5 products are not affected by this...

7.5CVSS

6.6AI Score

0.001EPSS

2024-02-15 12:00 AM
11
nessus

Palo Alto Networks PAN-OS 8.1.x < 8.1.24 / 9.0.x < 9.0.17 / 9.1.x < 9.1.13 / 10.0.x < 10.0.11 / 10.1.x < 10.1.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.24 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.13 or 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.3. It is, therefore, affected by a vulnerability. A reflected cross-site scripting (XSS) vulnerability...

4.3CVSS

5.9AI Score

0.0004EPSS

2024-02-15 12:00 AM
nessus

Palo Alto Networks PAN-OS 9.0.x < 9.0.18 / 9.1.x < 9.1.17 / 10.0.x < 10.0.13 / 10.1.x < 10.1.11 / 10.2.x < 10.2.5 / 11.0.x < 11.0.2 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.18 or 9.1.x prior to 9.1.17 or 10.0.x prior to 10.0.13 or 10.1.x prior to 10.1.11 or 10.2.x prior to 10.2.5 or 11.0.x prior to 11.0.2. It is, therefore, affected by a vulnerability. Web sessions in the...

6.6CVSS

7AI Score

0.0004EPSS

2024-02-15 12:00 AM
13
rapid7blog

Paving a Path to Systems Administration: Naeem Jones’ Journey with Rapid7

Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack.Diversity program. Hack.Diversity is a program that connects talented Black and Latin/x students and early-career professionals with organizations that are looking to build...

7.2AI Score

2024-02-14 02:00 PM
4
impervablog

The Added Value of SNI-Only Mode in Imperva Cloud WAF

Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both those currently in place and those slated for the future roadmap. This blog post...

7AI Score

2024-02-14 01:42 PM
7
thn

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial....

7.1AI Score

2024-02-14 11:23 AM
9
ibm

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details ** CVEID: CVE-2022-44729 DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open.....

10CVSS

9.8AI Score

0.964EPSS

2024-02-14 09:00 AM
14
f5

K000137334 : F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-02-14 12:00 AM
16
f5

K000137796 : BIG-IP SSL profile security exposure

Security Advisory Description The BIG-IP system may not honor the revocation status of a certificate present in the certificate revocation list (CRL) file, potentially allowing unauthorized connections. This issue occurs when all of the following conditions are met: A ClientSSL or ServerSSL...

7AI Score

2024-02-14 12:00 AM
28
f5

K000138618 : BIND vulnerability CVE-2023-5680

Security Advisory Description If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1...

5.3CVSS

6.6AI Score

0.0005EPSS

2024-02-14 12:00 AM
14
f5

K000137675 : BIG-IP HTTP/2 vulnerability CVE-2024-23314

Security Advisory Description When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-23314) Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
11
f5

K000132800 : F5OS QKView utility vulnerability CVE-2024-23607

Security Advisory Description A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. (CVE-2024-23607) Impact An authenticated attacker may exploit this vulnerability by executing a crafted QKView...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-02-14 12:00 AM
9
f5

K000137886 : BIG-IP Next CNF vulnerability CVE-2024-23306

Security Advisory Description A vulnerability exists in BIG-IP Next CNF systems that may allow access to undisclosed sensitive files. (CVE-2024-23306) Impact An authenticated attacker may be able to modify or remove undisclosed configuration files causing a loss of confidentiality and other...

4.4CVSS

6.7AI Score

0.0004EPSS

2024-02-14 12:00 AM
7
f5

K000133111 : F5OS vulnerability CVE-2024-24966

Security Advisory Description When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. (CVE-2024-24966) Impact This vulnerability may allow an LDAP authenticated attacker to bypass intended access restrictions. There is no data...

6.2CVSS

7.3AI Score

0.0004EPSS

2024-02-14 12:00 AM
8
f5

K000137595 : BIG-IP AFM signature matching vulnerability CVE-2024-21771

Security Advisory Description For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. (CVE-2024-21771) Impact When attackers exploit...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-02-14 12:00 AM
14
f5

K98606833 : BIG-IP and BIG-IQ scp vulnerability CVE-2024-21782

Security Advisory Description BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced Shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an...

7.2CVSS

8.1AI Score

0.001EPSS

2024-02-14 12:00 AM
8
trellix

RansomHouse am See

RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....

8AI Score

2024-02-14 12:00 AM
7
f5

K000137521: BIG-IP AFM vulnerability CVE-2024-21763

Security Advisory Description When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-21763) Impact Traffic is disrupted while the TMM process...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-02-14 12:00 AM
10
f5

K000137522 : BIG-IP iControl REST vulnerability CVE-2024-22093

Security Advisory Description When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. (CVE-2024-22093) Impact This...

8.7CVSS

8.1AI Score

0.0004EPSS

2024-02-14 12:00 AM
14
f5

K000134516 : BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability CVE-2024-23979

Security Advisory Description When an SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. (CVE-2024-23979) Impact System performance...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-02-14 12:00 AM
10
f5

K000138047 : BIG-IP Advanced WAF and BIG-IP ASM Configuration utility vulnerability CVE-2024-23603

Security Advisory Description An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. (CVE-2024-23603) Impact An authenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Configuration...

3.8CVSS

8.1AI Score

0.0004EPSS

2024-02-14 12:00 AM
9
f5

K91054692 : BIG-IP Appliance mode iAppsLX vulnerability CVE-2024-23976

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. (CVE-2024-23976) Impact An authenticated attacker with local system access and...

6CVSS

6.5AI Score

0.0004EPSS

2024-02-14 12:00 AM
12
f5

K11453402 : BIG-IP Cookie encryption security exposure

Security Advisory Description When HTTP Profile Cookie encryption is enabled, duplicate HTTP cookies may be passed on to back-end servers. This issue occurs when the following condition is met: The virtual server has an HTTP Profile with Cookie Encryption enabled. Impact The back-end pool member...

7AI Score

2024-02-14 12:00 AM
19
f5

K000135946 : BIG-IP PEM vulnerability CVE-2024-23982

Security Advisory Description When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023.....

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
14
f5

K000138353 : Quarterly Security Notification (February 2024)

Security Advisory Description On February 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the...

8.7CVSS

7.3AI Score

0.0004EPSS

2024-02-14 12:00 AM
10
f5

K000138445 : NGINX HTTP/3 QUIC vulnerability CVE-2024-24990

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. (CVE-2024-24990) Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,....

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
24
f5

K000138444 : NGINX HTTP/3 QUIC vulnerability CVE-2024-24989

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. (CVE-2024-24989) Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,....

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
22
f5

K000137416 : BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-23308

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
10
f5

K000137270 : BIG-IP Advanced WAF and BIG-IP ASM and vulnerability CVE-2024-21789

Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. (CVE-2024-21789) Impact System performance can degrade until the bd process is either forced to restart or is...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-02-14 12:00 AM
8
f5

K000135873 : BIG-IP Websockets vulnerability CVE-2024-21849

Security Advisory Description When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. (CVE-2024-21849) Impact Traffic is disrupted while the TMM process...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-02-14 12:00 AM
11
f5

K000137333 : BIG-IP TMM vulnerability CVE-2024-24775

Security Advisory Description When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-24775) Impact Traffic is disrupted while the TMM process restarts. This vulnerability...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
11
Total number of security vulnerabilities: 51245