Security News > 2022 > May > Hackers Actively Exploit F5 BIG-IP Bug
Threat actors have started exploiting a critical bug in the application service provider F5's BIG-IP modules after a working exploit of the vulnerability was publicly made available.
A shodan query shared by security researcher Jacob Baines revealed thousands of exposed BIG-IP systems on the internet, which an attacker can leverage to exploit remotely.
In the past 24 hours, security researchers announced that they had created the working exploit of the vulnerability, and images related to proof-of-exploit code for CVE-2020-1388 started flooding Twitter.
The exploits are publicly available, and security researchers show how hackers can use the exploit by sending just two commands and some headers to target and access an F5 application endpoint named "Bash" which is exposed to the internet.
The exploit can also work when no password is supplied, as disclosed by Will Dormann, vulnerability analyst at the CERT/CC. Some of the exploitation attempts did not target the management interface as observed by Kevin Beaumont, he added that "If you configured F5 box as a load balancer and firewall via self IP it is also vulnerable so this may get messy."
The easiness of the exploit and the common term for the vulnerable endpoint 'bash' which is a popular Linux shell raises suspicion among security researchers as they believe it did not end up in the product by mistake.
News URL
https://threatpost.com/exploit-f5-big-ip-bug/179563/
Related news
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-1388 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |