Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
An attacker must be familiar with iControl endpoints and successfully leverage social engineering techniques to trick administrators into exploiting the vulnerability. Successful exploits can indicate that an attacker has a persistent presence and access to data in the network.
Kill Chain
Risk Score
90
The F5 BIG-IP Local Traffic Manager appliance can leverage the iControl SOAP API for system management. An iControl endpoint is vulnerable to accepting malicious SOAP requests through cross-site request forgery (CRSF). To exploit this vulnerability, an attacker locates the IP address or hostname of an iControl endpoint and identifies an administrator with access to that endpoint. Next, the attacker lures the administrator to a malicious website (1). The website tricks the administrator web browser into sending an HTTP POST request with a malicious SOAP payload to the iControl endpoint (2). The iControl endpoint trusts the POST request because the request was sent by an authenticated user and runs the malicious payload.
Review the mitigation options in the F5 security advisory (K94221585)
Restrict access to the iControl SOAP API to only trusted users, or disable all access to the iControl SOAP API
Manage the BIG-IP system with a unique and isolated web browser
Disable basic authentication for web browsers
