Security News > 2021 > March > Critical F5 BIG-IP Flaw Now Under Active Attack
Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated.
The unauthenticated remote command execution flaw exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.
After the patch was issued, several researchers posted proof-of-concept exploit code after reverse engineering the Java software patch in BIG-IP. Fast forward to this week, researchers reported mass scanning for - and in-the-wild exploitation of - the flaw.
The U.S. Cybersecurity and Infrastructure Agency has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaw, along with another bug being tracked as CVE-2021-22987.
Security experts in July urged companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which was being actively exploited by attackers to scrape credentials, launch malware and more.
The critical remote code-execution flaw had a CVSS score of 10 out of 10.
News URL
https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/
Related news
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- FortiManager critical vulnerability under active attack (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-31 | CVE-2021-22987 | Unspecified vulnerability in F5 products On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. | 9.9 |