Security News > 2022 > May > Hackers Actively Exploit F5 BIG-IP Bug

Threat actors have started exploiting a critical bug in the application service provider F5's BIG-IP modules after a working exploit of the vulnerability was publicly made available.

A shodan query shared by security researcher Jacob Baines revealed thousands of exposed BIG-IP systems on the internet, which an attacker can leverage to exploit remotely.

In the past 24 hours, security researchers announced that they had created the working exploit of the vulnerability, and images related to proof-of-exploit code for CVE-2020-1388 started flooding Twitter.

The exploits are publicly available, and security researchers show how hackers can use the exploit by sending just two commands and some headers to target and access an F5 application endpoint named "Bash" which is exposed to the internet.

The exploit can also work when no password is supplied, as disclosed by Will Dormann, vulnerability analyst at the CERT/CC. Some of the exploitation attempts did not target the management interface as observed by Kevin Beaumont, he added that "If you configured F5 box as a load balancer and firewall via self IP it is also vulnerable so this may get messy."

The easiness of the exploit and the common term for the vulnerable endpoint 'bash' which is a popular Linux shell raises suspicion among security researchers as they believe it did not end up in the product by mistake.

News URL

https://threatpost.com/exploit-f5-big-ip-bug/179563/