Security News > 2020 > July > Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover

Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
2020-07-17 20:59

About 8,000 users of F5 Networks' BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution, despite a patch for a critical flaw being available for two weeks.

Public exploits were made available for it, leading to mass scanning for vulnerable devices by attackers, and ultimately active exploits.

Fast-forward to two weeks later, and patches have rolled out to less than 500 of that original group of vulnerable machines, according to the analysis.

Expanse researchers said that as of July 15, there were at least 8,041 vulnerable TMUI instances still exposed to the public internet.

To boot, an additional bug, CVE-2020-5903, affects the same vulnerable management interface via a cross-site scripting vulnerability that Expanse said could also be leveraged to include RCE. Despite active exploits and security experts urging companies to deploy the urgent patch for the critical vulnerability, patching is clearly going slowly - something that Tim Junio, CEO and co-founder of Expanse, chalks up to a lack of visibility.


News URL

https://threatpost.com/thousands-f5-big-ip-users-takeover/157543/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-01 CVE-2020-5903 Cross-site Scripting vulnerability in F5 products
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
network
low complexity
f5 CWE-79
6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 141 6 267 399 64 736