Security News > 2021 > March > Critical F5 BIG-IP Flaw Now Under Active Attack
Attackers are exploiting a recently patched, critical vulnerability in F5 devices that have not yet been updated.
The unauthenticated remote command execution flaw exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.
After the patch was issued, several researchers reverse engineered the Java software patch in BIG-IP and posted proof-of-concept exploit code. Fast forward to this week, researchers reported mass scanning for, and in-the-wild exploitation of, the flaw.
The U.S. Cybersecurity and Infrastructure Security Agency has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaw, along with another bug being tracked as CVE-2021-22987.
Security experts in July urged companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which was being actively exploited by attackers to scrape credentials, launch malware and more.
The critical remote code-execution flaw had a CVSS score of 10 out of 10.
News URL
https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-31 | CVE-2021-22987 | Unspecified vulnerability in F5 products. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. | 9.0 |