F5 Big-IP APM CTU Vulnerability Disclosure

As we have proven time and over again, what we do here at BEETLES and the way we do it, is unique. We have established the power of a well-trained and synced security research team, the advantage of working together, putting our heads together, and coming out with the best solution, not just the easy one.

Again, BEETLES have recently discovered a system vulnerability in “F5 Big-IP Access Policy Manager”. This vulnerability allowed our researcher to inject and load a malicious DLL library from its current directory. This vulnerability can be exploited on Windows systems. By exploiting this vulnerability, a malicious attacker can escalate their privilege and trick the victim to load an arbitrary DLL on a Windows system. We reported the same to F5.

F5 is a company that specialized in application services, application security, and DDoS defense, among others.

This finding has been disclosed and published by F5 and has also been listed in the Common Vulnerabilities and Exposures (CVE) databases.

Another awesome accomplishment by the BEETLES Red Team. Congratulation to the team and Shahee Mirza, Chief Cyber Operations Officer for guiding this research work. And a big thank you to F5 for the acknowledgment.

https://support.f5.com/csp/article/K29282483