Patching Urged as F5 BIG-IP Vulnerability Exploited

Researchers Say Exploited Flaw Could Lead to Complete System Compromises

Security researchers warn that the number of exploit attempts targeting a critical vulnerability in F5 Networks’ BIG-IP networking products has steadily increased since the company first announced the flaw late last week. They urge users to immediately apply patches.

F5 Networks released patches for the critical vulnerability in BIG-IP networking products over the July 4th holiday weekend after security researchers warned that the flaws were already being exploited. Because the vulnerability is within the user interface, the flaw affects many products and versions within the BIG-IP product line.

Meanwhile, other security researchers have posted proof-of-concept exploits of this vulnerability in an effort to get organizations to apply the patches as soon as possible.

Urgent Security Advisory

F5 released an urgent security advisory on a remote code execution vulnerability in the traffic management user interface of BIG-IP, a family of products used by banks, government agencies, internet service providers and Fortune 500 firms, including Microsoft and Oracle.

The vulnerability, tracked as CVE-2020-5902, could allow hackers to access networks, carry out commands, create or delete files, disable services and run remote code execution, according to F5’s advisory.

The vulnerability received a 10 out of 10 score on the CVSSv3 severity scale, which prompted the U.S. Cyber Command and the MS-ISAC Center for Internet Security to issue their own advisories on the security flaw on Friday, urging government and private business users to apply the patches as soon as possible.

The affected F5 BIG-IP systems are load balancers, the exploit gives attackers access to acquire:

  • Credentials;
  • Existing sessions through cookie theft;
  • License keys;
  • Private keys to SSL or TLS certificates on the device.