6 July 2020

Hackers are already attempting to exploit F5 BIG-IP vulnerability


Soon after technical details of a serious bug in F5 BIG-IP networking devices were released to the public, attacks attempting to exploit the vulnerability were observed.

Last week, F5 released a security advisory describing a Remote Code Execution (RCE) vulnerability that affects the BIG-IP's Traffic Management User Interface (TMUI).

The flaw, tracked as CVE-2020-5902, “allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.” The vulnerability received the maximum score (10 out of 10) on the CVSSv3 vulnerability severity scale.

Two days after the patches for this flaw were issued, security researchers started releasing proof-of-concept (PoC) exploits to demonstrate how easy it is to steal information and execute commands on vulnerable devices [1, 2, 3].

Over the weekend, Rich Warren, a security researcher for the NCC Group, detected remote attacks trying to exploit the CVE-2020-5902 vulnerability. According to the researcher, the attacks were attempting to steal administrator passwords from the compromised devices.
