Security News > 2021 > March > Critical F5 BIG-IP Flaw Now Under Active Attack

Critical F5 BIG-IP Flaw Now Under Active Attack
2021-03-19 20:52

Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated.

The unauthenticated remote command execution flaw exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.

After the patch was issued, several researchers posted proof-of-concept exploit code after reverse engineering the Java software patch in BIG-IP. Fast forward to this week, researchers reported mass scanning for - and in-the-wild exploitation of - the flaw.

The U.S. Cybersecurity and Infrastructure Agency has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaw, along with another bug being tracked as CVE-2021-22987.

Security experts in July urged companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which was being actively exploited by attackers to scrape credentials, launch malware and more.

The critical remote code-execution flaw had a CVSS score of 10 out of 10.


News URL

https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-03-31 CVE-2021-22987 Unspecified vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.
network
low complexity
f5
critical
9.9

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 141 6 267 399 64 736