meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, May 9th, 2022

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 9 May 2022

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BIG IP Vuln; QNAP Update; Raspberry Robin; rubygems flaw;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, May 9th, 2020 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

0:13.3

On Thursday, F5 announced a patch for a big IP for its load balancer appliances, affecting the iControl Rest API.

0:24.2

Exploitation does not require any authentication

0:26.6

and leads to remote code execution,

0:29.7

making this a big deal.

0:32.6

Also, all versions, but the very latest ones,

0:35.1

are vulnerable.

0:37.0

And to top it off, well, exploits are already

0:40.4

being advertised as being created and at least one researcher noted that they will make

0:48.5

their exploit public later this week. But well, there's one way to mitigate this vulnerability and imagine

0:57.0

that it's protecting access to the management interface or the self-IP address. The other mitigation

1:04.7

is to change the configuration of the device and essentially force all connections to be closed instead of using Keep Alive.

1:14.4

Apparently, the root cause here is some kind of request smuggling where you are adding a second

1:20.7

request as sort of the body of a first request and confuse the device as to what request it's processing. Now, since not

1:30.7

exposing the self-IP and the management interface is sort of standard procedure for these devices.

1:38.3

Highly recommended and also all the setup features and such are guiding you towards that way. I don't think this will

1:45.6

be such a big deal. There are some devices exposed according to some scanners like census

1:54.0

lists about 2000. Of course, not known how many of them are vulnerable or how many of them are honeypots or something

2:03.0

else that just looks like a big IP device. If you are using Big IP, definitely patch and

2:10.6

absolutely make sure that you control access to the management interface. And talking about things that you should not expose to the management interface.

2:24.7

And talking about things that you should not expose to the internet, QNAP has an update for its video recorder software. So if you're using your QNAP device as a network video recorder,

2:31.4

then please apply the update and make sure it's not exposed to

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.