Security News > 2022 > May > CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild.
"An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.
Patches and mitigations for the flaw were announced on F5 on May 4, but it has been subjected to in-the-wild exploitation over the past week, with attackers attempting to install a web shell that grants backdoor access to the targeted systems.
"Due to the ease of exploiting this vulnerability, the public exploit code, and the fact that it provides root access, exploitation attempts are likely to increase," Rapid7 security researcher Ron Bowes noted.
"Widespread exploitation is somewhat mitigated by the small number of internet-facing F5 BIG-IP devices."
While F5 has since revised its advisory to include what it believes to be "Reliable" indicators of compromise, it has cautioned that "a skilled attacker can remove evidence of compromise, including log files, after successful exploitation."
News URL
https://thehackernews.com/2022/05/cisa-urges-organizations-to-patch.html
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)