F5 Networks Vulnerability Comes Under Active Exploit Right After Disclosure

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

It hasn’t been long since the enterprise networking gear provider F5 Networks disclosed a vulnerability. And now, right after the disclosure, cybercriminals have started to exploit the vulnerability. Users should patch their systems quickly to stay safe.

F5 Networks BIG-IP Vulnerability

Reportedly, the application services giant F5 Networks recently disclosed a vulnerability affecting its BIG-IP services. These products are commonly used in networks belonging to the ISPs, governments, enterprise networks, and cloud computing data centers.

The vulnerability caught the attention of security researcher Mikhail Klyuchnikov of Positive Technologies. Sharing the details in a post, the researcher revealed that exploiting the bug could allow for remote code execution.

Briefly, the vulnerability CVE-2020-5902 existed in the BIG-IP application delivery controller (ADC) configuration interface. It attained a critical severity rating with a CVSS score of 10.0 – the highest severity score.

Exploiting the bug simply required an attacker to send a maliciously crafted HTTP request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.

An unauthorized attacker could then achieve remote access to the target utility for the addition or deletion of files, intercepting information, disabling services, running commands, or infecting other devices on the network.

Exploitation Attempts Already Began

Following the researcher’s report, F5 Networks patched the vulnerability with the release of BIG-IP versions 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, 15.1.0.4. They also patched an XSS vulnerability (CVE-2020-5903) alongside this critical bug.

Considering the severity of the bugs, the US Cyber Command alerted everyone to update their systems to the patched version.

However, despite the patches, the attackers didn’t step back from exploiting the flaw. Three days after the bug surfaced online, they started exploitation attempts. According to what a researcher Rich Warren told ZDNet, he detected malicious attacks from five different IP addresses.

Thus, users should ensure patching their devices immediately to avoid falling prey to any cyber-attacks.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!