Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
2020-07-17 20:59

About 8,000 users of F5 Networks' BIG-IP family of networking devices are still vulnerable to full system access and remote code execution, despite a patch for a critical flaw being available for two weeks.

Public exploits were made available for the flaw, leading to mass scanning for vulnerable devices by attackers, and ultimately to active exploitation.

Fast-forward two weeks, and patches have rolled out to fewer than 500 of that original group of vulnerable machines, according to the analysis.

Expanse researchers said that as of July 15, there were at least 8,041 vulnerable TMUI instances still exposed to the public internet.

To boot, an additional bug, CVE-2020-5903, is a cross-site scripting vulnerability affecting the same vulnerable management interface, which Expanse said could also be leveraged for RCE. Despite active exploits and security experts urging companies to deploy the urgent patch for the critical vulnerability, patching is clearly going slowly, something that Tim Junio, CEO and co-founder of Expanse, chalks up to a lack of visibility.


News URL

https://threatpost.com/thousands-f5-big-ip-users-takeover/157543/

Related Vulnerability

Date: 2020-07-01
CVE: CVE-2020-5903
Vulnerability title: Cross-site Scripting vulnerability in F5 products
Description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
Vendor: f5
Weakness: CWE-79
Risk: 6.1 (network, low complexity)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 143 6 276 404 64 750