Web: https://packetstormsecurity.com/files/169967/f5_icontrol_soap_csrf_rce_cve_2022_41622.rb.txt

Nov. 21, 2022, 4:14 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are unavailable. By default, we write to a script that executes at reboot, which means the payload will execute the next time the server boots. An alternate target - Login - will add a …

big big-ip forgery icontrol request site

Cyber Transformation Consultant - Energy & Utilities

@ PA Consulting | London, United Kingdom

Security Operations Lead

@ Vattenfall | Amsterdam, Netherlands

Technology - Energy and Natural Resources sector, Security Strategy & Governance, Cyber Defence, Identity & Access

@ KPMG Australia | Sydney, Australia

DevSecOps Manager

@ Nexient | United States

IT Security Manager (REF194D)

@ Deutsche Telekom IT Solutions | Budapest, Debrecen, Pécs, Szeged, Hungary

Security GRC Consultant

@ Devoteam | Zaventem, Belgium

Information Security & Data Privacy Specialist

@ SirionLabs | Gurugram, Haryana, India

Junior Security Engineer

@ Eurofins | Barcelona, Spain

Senior Application Security Engineer [Remote - UK]

@ Confluent, Inc. | Remote, England

Threat Analysis Security Engineer

@ MANGOPAY | Paris, France

Sr. Professional Services Consultant II

@ Palo Alto Networks | Denver, CO, United States

Senior Offensive Security Engineer

@ MANGOPAY | Paris, France