Security News > 2020 > July > CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks' BIG-IP application delivery controller.
The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product's Traffic Management User Interface configuration utility to obtain credentials and other sensitive data, intercept traffic, and execute arbitrary code or commands, resulting in the system getting completely compromised.
CISA says government departments and agencies have been seeing scanning and reconnaissance activity associated with this flaw since July 6.
The agency has been investigating several potential breaches resulting from the exploitation of this vulnerability, including against U.S. government and commercial organizations, and it has so far confirmed two instances where systems have been compromised.
The agency's recommendations in case of a breach include reimaging compromised hosts, resetting account passwords, limiting access to the vulnerable management interface, and implementing network segmentation to prevent the attacker from moving laterally within the network.
News URL
Related news
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- FortiManager critical vulnerability under active attack (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-01 | CVE-2020-5902 | Path Traversal vulnerability in F5 products In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 9.8 |