The Indian Computer Emergency Response Team (CERT-In) has issued a warning to users regarding a critical vulnerability in F5’s BIG-IP, a popular multi-cloud application services and security product. This vulnerability could potentially be exploited by remote attackers to execute craft DNS queries or cause a Denial of Service (DoS) attack on the targeted system.
According to CERT-In, the vulnerability in F5 BIG-IP is a result of flooding the target server with queries. A remote attacker could take advantage of this flaw by crafting queries on the affected ‘named’ instance, leading to excessive CPU load on the targeted system. Successful exploitation of this vulnerability could have serious consequences, including the execution of craft DNS queries or causing a DoS condition.
In light of this security risk, CERT-In has strongly recommended that users apply the necessary updates to mitigate the vulnerability and protect their systems from potential attacks.
Additionally, CERT-In has also alerted users to a separate vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) related to the Out-of-Band (OOB) and Plug and Play (PnP) feature. This flaw could allow an unauthenticated, remote attacker to read arbitrary files on the targeted system. The vulnerability stems from an unauthenticated provisioning web server in the OOB and PnP feature of Cisco NDFC, which could be exploited through direct web requests to the provisioning server.
Users are advised to stay vigilant, apply security patches promptly, and take necessary precautions to safeguard their systems from potential cyber threats.