Security News > 2020 > July > CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks' BIG-IP application delivery controller.
The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product's Traffic Management User Interface configuration utility to obtain credentials and other sensitive data, intercept traffic, and execute arbitrary code or commands, resulting in the system getting completely compromised.
CISA says government departments and agencies have been seeing scanning and reconnaissance activity associated with this flaw since July 6.
The agency has been investigating several potential breaches resulting from the exploitation of this vulnerability, including against U.S. government and commercial organizations, and it has so far confirmed two instances where systems have been compromised.
The agency's recommendations in case of a breach include reimaging compromised hosts, resetting account passwords, limiting access to the vulnerable management interface, and implementing network segmentation to prevent the attacker from moving laterally within the network.
News URL
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2020-5902 | Path Traversal vulnerability in F5 products In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 9.8 |