Home Cyber Attack US CISA Alerts of Active Exploitation of F5 BIG-IP Vulnerability

US CISA Alerts of Active Exploitation of F5 BIG-IP Vulnerability

by Abeerah Hashim
F5 BIG-IP appliances under malware attack

Earlier this month, a serious security flaw surfaced online targeting F5 Networks. Now, the US CISA has issued an alert about the active exploits of this F5 BIG-IP vulnerability.

CISA Warns Of F5 BIG-IP Vulnerability Exploit

In a recent advisory, the United States Cybersecurity and Infrastructure Security Agency (CISA) warned all users of the F5 flaw. Specifically, they have warned of the active attacks in the wild against the F5 BIG-IP vulnerability.

This vulnerability specifically affected the BIG-IP Traffic Management User Interface (TMUI). Successful exploitation of the flaw allows a remote adversary to take control of the target systems and execute arbitrary codes. This also includes creating/deleting files, disabling services, and execute other commands.

While F5 Networks already patched the bugs, according to CISA, they fear that any unpatched systems may already have suffered an attack.

CISA has further shared various strategies to facilitate the organizations in case of a compromise. They have shared methods for the detection and mitigation of an active attack to assist the IT security personnel.

F5 Networks Vulnerability

The vulnerability, CVE-2020-5902, first came into limelight after researchers Positive Technologies shared details. Right after the disclosure, the criminal hackers started exploiting the vulnerability to target vulnerable systems.

Although, the vendors quickly addressed the vulnerability and released security fixes. However, due to the high number of devices not updated to the patched versions, the perpetrators got a chance to actively exploit the bug.

The US Cyber Command also issued an alert about it urging everyone to ensure quick patches. However, it seems many systems still remain at risk as they aren’t updated.

Though CISA has also shared mitigation strategies to fend-off active exploitation. Still, organizations should prefer updating the systems at the earliest to the F5 BIG-IP versions 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4 to avoid any attack.

Let us know your thoughts in the comments.

You may also like