Critical RCE Flaw Affects F5 BIG-IP Application Security Servers (Security News, July 2020)
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.
According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in the Traffic Management User Interface (TMUI), the configuration utility for the BIG-IP application delivery controller (ADC).
BIG-IP ADC is used by large enterprises, data centers, and cloud computing environments to implement application acceleration, load balancing, rate shaping, SSL offloading, and a web application firewall.
An unauthenticated attacker can remotely exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server hosting the Traffic Management User Interface utility for BIG-IP configuration.
Besides this, Klyuchnikov also reported an XSS vulnerability in the BIG-IP configuration interface that could let remote attackers run malicious JavaScript code as the logged-in administrator user.
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/IbkEJgZENR0/f5-big-ip-application-security.html