Security News > 2020 > September > Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
2020-09-14 21:20

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security.

The threat actors have been spotted successfully exploiting two common vulnerabilities - allowing them to compromise federal government and commercial entities, according to CISA. The first is a vulnerability in F5's Big-IP Traffic Management User Interface, which allows cyber threat actors to execute arbitrary system commands, create or delete files, disable services, and/or execute Java code.

Threat actors were also observed hunting for Citrix VPN Appliances vulnerable to CVE-2019-19781, which is a flaw that enables attackers to execute directory traversal attacks.


News URL

https://threatpost.com/hackers-gov-microsoft-exchange-f5-exploits/159226/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399
F5 141 6 267 399 64 736