It hasn’t been long since the enterprise networking gear provider F5 Networks disclosed a vulnerability. And now, right after the disclosure, cybercriminals have started to exploit the vulnerability. Users should patch their systems quickly to stay safe.
F5 Networks BIG-IP Vulnerability
Reportedly, the application services giant F5 Networks recently disclosed a vulnerability affecting its BIG-IP services. These products are commonly used in networks belonging to the ISPs, governments, enterprise networks, and cloud computing data centers.
The vulnerability caught the attention of security researcher Mikhail Klyuchnikov of Positive Technologies. Sharing the details in a post, the researcher revealed that exploiting the bug could allow for remote code execution.
Briefly, the vulnerability CVE-2020-5902 existed in the BIG-IP application delivery controller (ADC) configuration interface. It attained a critical severity rating with a CVSS score of 10.0 – the highest severity score.
Exploiting the bug simply required an attacker to send a maliciously crafted HTTP request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.
An unauthorized attacker could then achieve remote access to the target utility for the addition or deletion of files, intercepting information, disabling services, running commands, or infecting other devices on the network.
Exploitation Attempts Already Began
Following the researcher’s report, F5 Networks patched the vulnerability with the release of BIG-IP versions 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52. They also patched an XSS vulnerability (CVE-2020-5903) alongside this critical bug.
Considering the severity of the bugs, the US Cyber Command alerted everyone to update their systems to the patched version.
URGENT: Patching CVE-2020-5902 and 5903 should not be postponed over the weekend. Remediate immediately. https://t.co/UBKECuN7Vv
— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) July 3, 2020
However, despite the patches, the attackers didn’t step back from exploiting the flaw. Three days after the bug surfaced online, they started exploitation attempts. According to what a researcher Rich Warren told ZDNet, he detected malicious attacks from five different IP addresses.
Thus, users should ensure patching their devices immediately to avoid falling prey to any cyber-attacks.
Let us know your thoughts in the comments.