CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government

The U.S. Cybersecurity and Infrastructure Security Agency issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks' BIG-IP application delivery controller.
The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product's Traffic Management User Interface (TMUI) configuration utility to obtain credentials and other sensitive data, intercept traffic, and execute arbitrary code or commands, resulting in complete compromise of the system.
CISA says government departments and agencies have been seeing scanning and reconnaissance activity associated with this flaw since July 6.
The agency has been investigating several potential breaches resulting from the exploitation of this vulnerability, including against U.S. government and commercial organizations, and it has so far confirmed two instances where systems have been compromised.
The agency's recommendations in case of a breach include reimaging compromised hosts, resetting account passwords, limiting access to the vulnerable management interface, and implementing network segmentation to prevent the attacker from moving laterally within the network.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-01 | CVE-2020-5902 | Path Traversal vulnerability in F5 products. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 9.8 |