User Rank: Ninja
6/13/2014 | 1:55:52 PM
Excellent point. But it begs the question: Who is responsible? See, for all those thousands of systems out there that make up the long tail, should it only be cyber criminals scanning the length of it until they find vulnerable systems? The obvious answer should be that the IT staff who own the systems need to be doing that, too, but as history shows, they aren't all owning up to their responsibilities. So who?
I'd always imagined there would be an organization of white hatters who, with documented, iron-clad passports to hack from law enforcement and government agencies, would work day in and day out doing exactly what the black hatters are doing except, once they find a vulnerable system, they immediately lock it down, or reach out to the owners and get them to do their job.
If that sounds like a superhero comic book more than reality, take account of the trillions of American dollars (and then add in every country on top of that subject to cyber criminal activities) lost to cyber crime and ask whether it isn't worth it to invest in a group like this that essentially mimics a cyber criminal crew up to the last action, then takes one more vulnerable system out of the equation.
The high tech industries have a responsibility to the average citizen to provide assurances like this, just as our government provides law enforcement and military, because high tech is where this threat comes from. Software giants have established an electronic frontier that is basically pushed upon the everyday person, whether they want it or not, yet takes little global responsibility over the security and restoration of those lives harmed through the necessity of high tech in today's society.
How about the next few million dollars invested in tech go to forming a team like this that can make a real nationwide difference, not for profit, simply to give back to the millions of people hurt by an ecosystem they may not even have wanted in their lives. For me, someone who eats, breathes and dreams tech, I think that is the least we can do; when the power goes down, it's those people we'll need to be friends with, not silicon billionaires.