Security News > 2020 > July > Hackers Start Exploiting Recently Patched BIG-IP Vulnerability

Hackers have already started exploiting a recently patched vulnerability affecting F5 Networks' BIG-IP application delivery controller.
F5 informed customers last week that the BIG-IP configuration utility, the Traffic Management User Interface (TMUI), is impacted by a critical remote code execution vulnerability whose exploitation can result in "complete system compromise."
Just days after the disclosure of CVE-2020-5902, researchers started releasing proof-of-concept exploits for arbitrary file read and remote code execution.
A video published by DeeLMind shows just how easy it is to exploit the vulnerability if the BIG-IP configuration interface is exposed.
The first attacks observed by NCC read files and extracted encrypted passwords, but they did not attempt remote code execution and the delivery of a binary payload.
The U.S. Cyber Command has advised organizations to immediately apply the patches for CVE-2020-5902 and CVE-2020-5903, another vulnerability discovered by Positive Technologies that can be exploited to take complete control of a BIG-IP system.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2020-5902 | Path Traversal vulnerability in F5 products. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 9.8 |
| 2020-07-01 | CVE-2020-5903 | Cross-site Scripting vulnerability in F5 products. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | 6.1 |