In a recent report, NCC Group elaborates on the recent discovery of the active exploitation of CVE-2021-22986. This vulnerability allows for unauthenticated, remote code execution of F5 BIG-IP devices through the BIG-IQ iControl REST API. F5 has since patched the vulnerability, but there are currently 6,791 potentially vulnerable devices online at the time of writing. One Proof of Concept (POC) exploit is available on GitHub, but more will likely be published soon.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security