Security News > 2020 > July > Admins Urged to Patch Critical F5 Flaw Under Active Attack
Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more.
Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw, which has a CVSS score of 10 out of 10.
Not long after the flaw was disclosed, public exploits were made available for it, leading to mass scanning for vulnerable devices by attackers and ultimately active exploits.
The exploit of the flaw is trivial: Mikhail Klyuchnikov with Positive Technologies, who originally discovered the flaw, said that in order to exploit the vulnerability, an unauthenticated attacker would only need to send a specifically crafted HTTP request to the server hosting the Traffic Management User Interface utility for BIG-IP configuration.
As more active exploits are detected in the wild, F5 Networks, the U.S. Cyber Command and Chris Krebs, director at the U.S. Cybersecurity and Infrastructure Security Agency, have all urged administrators to implement the offered fixes as soon as possible.
News URL
https://threatpost.com/patch-critical-f5-flaw-active-attack/157164/
Related news
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)