Security News > 2020 > July > Attackers are breaching F5 BIG-IP devices, check whether you’ve been hit

Attackers are breaching F5 BIG-IP devices, check whether you’ve been hit
2020-07-06 11:52

Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks' BIG-IP multi-purpose networking devices, to install coin-miners, IoT malware, or to scrape administrator credentials from the hacked devices.

CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface of BIG-IP devices used by some of the world's biggest companies.

Both the company and the U.S. Cyber Command urged admins on Friday to check whether their F5 BIG-IP web interfaces were exposed on the internet and to implement the offered patches before the weekend starts.

According to F5 Networks, BIG-IP networking devices are used as server load balancers, application delivery controllers, access gateways, etc.

Attackers are bypassing one of the mitigations originally provided by F5 Networks, so any organization that applied it instead of patching their F5 BIG-IP boxes should take action again and check whether their devices have been compromised in the meantime.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/iOMRjw5jTpY/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2020-5902 Path Traversal vulnerability in F5 products
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
network
low complexity
f5 CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 211 52 502 206 41 801