Security News > 2022 > May > Hackers Actively Exploit F5 BIG-IP Bug
Threat actors have started exploiting a critical bug in the application service provider F5's BIG-IP modules after a working exploit for the vulnerability was made publicly available.
A Shodan query shared by security researcher Jacob Baines revealed thousands of exposed BIG-IP systems on the internet, which an attacker can exploit remotely.
In the past 24 hours, security researchers announced that they had created a working exploit for the vulnerability, and images of proof-of-exploit code for CVE-2020-1388 started flooding Twitter.
The exploits are publicly available, and security researchers have shown how hackers can use them: sending just two commands and some headers is enough to target and access an F5 application endpoint named "Bash", which is exposed to the internet.
The exploit can also work when no password is supplied, as disclosed by Will Dormann, vulnerability analyst at the CERT/CC. Some of the exploitation attempts did not target the management interface, as observed by Kevin Beaumont, who added: "If you configured F5 box as a load balancer and firewall via self IP it is also vulnerable so this may get messy."
The ease of exploitation and the name of the vulnerable endpoint, 'bash', which is also the name of a popular Linux shell, have raised suspicion among security researchers, who believe it did not end up in the product by mistake.
News URL
https://threatpost.com/exploit-f5-big-ip-bug/179563/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-1388 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |