Experts from Rapid7 found various vulnerabilities in F5 BIG-IP and BIG-IQ devices, which run a customized CentOS installation. Two of the flaws have been categorized as high-severity remote code execution vulnerabilities and given CVE IDs; the others are security bypass methods that F5 does not consider vulnerabilities.

Vulnerabilities Discovered

The first high-severity flaw, tracked as CVE-2022-41622, is an unauthenticated remote code execution via cross-site request forgery (CSRF) that impacts BIG-IP and BIG-IQ products.
Read full article on GBHackers