Critical F5 BIG-IP Flaw Now Under Active Attack
Attackers are exploiting a recently patched critical vulnerability in F5 devices that have not yet been updated.
The unauthenticated remote command execution flaw exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.
After the patch was issued, several researchers reverse engineered the Java software patch in BIG-IP and posted proof-of-concept exploit code. Fast forward to this week: researchers reported mass scanning for, and in-the-wild exploitation of, the flaw.
The U.S. Cybersecurity and Infrastructure Agency has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaw, along with another bug being tracked as CVE-2021-22987.
Security experts in July urged companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which was being actively exploited by attackers to scrape credentials, launch malware and more.
The critical remote code-execution flaw had a CVSS score of 10 out of 10.
News URL
https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-31 | CVE-2021-22987 | Unspecified vulnerability in F5 products. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. | 9.9 |