This F5 BIG-IP vulnerability makes it easier for Ransomware to encrypt network devices

Memesita
F5 has issued a warning about a high-severity format string vulnerability in BIG-IP that could allow an authorized attacker to cause a denial-of-service (DoS) condition and possibly execute arbitrary code.

The company said that in order to take advantage of the command execution attack vector, the attacker must obtain information about the target environment that hosts the vulnerable component. The vendor also said that this vulnerability only affects the control plane and the data plane is not affected in any way.

The problem is a format string vulnerability that exists in the iControl SOAP application, which operates as the root user and requires a login for administrative access. The vulnerability can be exploited by an authorized attacker to cause the iControl SOAP CGI process to crash or, theoretically, to execute arbitrary code.

According to Rapid7, "it is impossible to affect the precise addresses read and written, which makes it extremely difficult to attack (other than to crash the service) in reality." This is one of the reasons why this vulnerability is so difficult to exploit.
Link: https://www.memesita.com/this-f5-big-ip-vulnerability-makes-it-easier-for-ransomware-to-encrypt-network-devices/

