6 July 2020

Hackers are already attempting to exploit F5 BIG-IP vulnerability



Soon after technical details of a serious bug in F5 BIG-IP networking devices were released to the public, attacks attempting to exploit the vulnerability were observed.

Last week, F5 released a security advisory describing a Remote Code Execution (RCE) vulnerability that affects the BIG-IP's Traffic Management User Interface (TMUI).

The flaw, tracked as CVE-2020-5902, “allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.” The vulnerability received the maximum score of 10 out of 10 on the CVSSv3 vulnerability severity scale.

Two days after patches for this flaw were issued, security researchers started releasing proof-of-concept (PoC) exploits to demonstrate how easy it is to steal information and execute commands on vulnerable devices [1, 2, 3].

Over the weekend, Rich Warren, a security researcher at NCC Group, detected remote attacks trying to exploit the CVE-2020-5902 vulnerability. According to the researcher, the attacks attempted to steal administrator passwords from the compromised devices.
