Security News > 2021 > March > Critical F5 BIG-IP vulnerability now targeted in ongoing attacks

Critical F5 BIG-IP vulnerability now targeted in ongoing attacks
2021-03-19 17:09

On Thursday, cybersecurity firm NCC Group said that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.

The security vulnerability these attackers attempt to exploit is an unauthenticated remote command execution tracked as CVE-2021-22986, and it affects most F5 BIG-IP and BIG-IQ software versions.

A similarly critical RCE vulnerability with a maximum 10/10 severity rating tracked as CVE-2020-5902 in F5 BIG-IP ADC appliances was also heavily exploited last year after being patched in July 2020.

Organizations are advised to patch their F5 BIG-IP devices as soon as possible to defend against future attacks.

"We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible," F5 said after releasing security updates to patch CVE-2021-22986 and three other critical security flaws affecting its products.

F5 provides info on upgrading BIG-IP appliances with details on multiple upgrade scenarios in this BIG-IP upgrade guide.


News URL

https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-now-targeted-in-ongoing-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-03-31 CVE-2021-22986 Server-Side Request Forgery (SSRF) vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability.
network
low complexity
f5 CWE-918
critical
9.8
2020-07-01 CVE-2020-5902 Path Traversal vulnerability in F5 products
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
network
low complexity
f5 CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 141 6 267 399 64 736