Governance & Risk Management , IT Risk Management , Patch Management

Thousands of Flawed F5 BIG-IP Networking Products Unpatched

Vulnerability Can Allow Remote Code Execution
Thousands of Flawed F5 BIG-IP Networking Products Unpatched
Source: F5 Networks

Despite warnings from security researchers and U.S. Cyber Command earlier this month, thousands of users have not yet patched their F5 BIG-IP networking products to fix a critical vulnerability that could allow for remote code execution, according to security firm Expanse.

See Also: The Fraudster's Journey - Fraud in the IVR

During recent scans, Expanse researchers found about 8,000 F5 BIG-IP networking installations remained unpatched for a vulnerability tracked as CVE-2020-5902, which could allow hackers to access networks, carry out commands, create or delete files, disable services and run remote code execution.

The CVE-2020-5902 vulnerability received a 10 out of 10 score on the CVSSv3 severity scale, which prompted the U.S. Cyber Command and the MS-ISAC Center for Internet Security to issue advisories urging prompt patching (see: Patching Urged as F5 BIG-IP Vulnerability Exploited).

When the vulnerability was first disclosed on July 3, security researchers using the Shodan search engine estimated there were as many as 8,500 F5 BIG-IP networking product installations exposed to this particular vulnerability, which means most of these users have not applied the fix over the last three weeks.

"This vulnerability could provide complete control of the host machine upon exploitation, enabling interception and redirection of web traffic, decryption of traffic destined for web servers and serve as a hop point into other areas of the network," according to the recent warning from Expanse.

Patching Urged

BIG-IP networking products are used by major banks, government agencies, internet service providers and Fortune 500 firms, including Microsoft and Oracle.

The products include a number of components, such as load balancers, access gateways and application delivery controllers. The CVE-2020-5902 vulnerability is located within the management port located in the Traffic Management User Interface, according to security firm Positive Technologies, which discovered the vulnerability and brought it to the attention of F5.

When the flaw was first disclosed over the July 4th holiday weekend, Rich Warren, a researcher with security firm NCC Group, reported that his company's honeypots had found an uptick in remote code execution attempts targeting the BIG-IP vulnerability, with a majority apparently originating in China.

At around the same time, some researchers published proof-of-concept exploits of the vulnerability, which is another reason why the U.S. Cyber Command issued a warning to apply the F5 patches immediately or use a mitigation strategy until the fix could be applied.

Other Vulnerabilities

Over the last month, researchers and government agencies have warned of other significant vulnerabilities found in other popular products.

For example, on June 30, the U.S. Cyber Command and others warned users of Palo Alto Networks PAN-OS software to patch a critical flaw that, if exploited, could enable hackers to remotely bypass authentication controls and gain full access to systems or networks (see: US Cyber Command Alert: Patch Palo Alto Networks Products).

On July 14, Microsoft issued a warning to customers to patch a "wormable" vulnerability affecting the Windows Server operating system. If exploited, this flaw could allow attackers to exploit an organization's entire infrastructure by crafting malicious DNS inquires (see: Microsoft: Patching 'Wormable' Windows Server Flaw Is Urgent).

The disclosure of this vulnerability in Windows Server promoted the U.S. Cybersecurity and Infrastructure Security Agency to issue a directive on Thursday requiring federal agencies to patch their systems.


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.