Hackers Exploiting Critical Bug in F5 BIG-IP

Attackers routinely target bugs in widely deployed corporate products to gain unauthorized access to enterprise networks. Recently, hackers were seen exploiting a critical vulnerability in F5 BIG-IP, rated 10 out of 10 on the CVSS scale, within days of its disclosure.

What happened

The vulnerability (CVE-2020-5902) in F5 BIG-IP products has exposed governments, cloud providers, ISPs, banks, and many Fortune 500 companies to the risk of intrusion.
  • On July 1, Positive Technologies disclosed a remote code execution bug in BIG-IP's management interface, the Traffic Management User Interface (TMUI). F5 released patches the same day.
  • In June 2020, the researchers had also counted more than 8,000 vulnerable devices exposed to the internet, located in the United States (40%), China (16%), Taiwan (3%), Canada and Indonesia (2.5% each), and Russia (less than 1%).
  • By July 3, NCC Group observed active exploitation of the bug, with attackers attempting to harvest administrator credentials from vulnerable devices.
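Detection, as an added example that is not part of the original article: the exploitation attempts NCC Group observed arrive as HTTP requests to TMUI whose path carries a `..;` traversal sequence, the same pattern that F5's interim httpd mitigation blocks. The Python script below scans web-server access logs for that pattern. The log lines are constructed for the example (not real traffic), and the TMUI endpoint names and the `..;` indicator come from public reporting on CVE-2020-5902 rather than from the text above.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed Apache-style access log lines (not real traffic): two benign
# requests to the TMUI login page and two probes carrying the "..;" traversal.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jul/2020:11:02:17 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 1854 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jul/2020:11:02:19 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 2311 "-" "python-requests/2.23"
198.51.100.7 - - [03/Jul/2020:11:02:21 +0000] "GET /tmui/login.jsp/%2e%2e;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license HTTP/1.1" 200 640 "-" "python-requests/2.23"
192.0.2.9 - - [03/Jul/2020:11:03:00 +0000] "POST /tmui/login.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache combined-log prefix: client, identd, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_tmui_traversal(target: str) -> bool:
    """True if the request target carries the '..;' path-parameter traversal.

    The path is URL-decoded twice so that single- and double-encoded forms
    (%2e%2e; and %252e%252e;) are caught as well as the literal form.
    """
    path = target.split("?", 1)[0]
    decoded = unquote(unquote(path))
    return "..;" in decoded


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one record per log line that looks like a CVE-2020-5902 probe."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-file
        if is_tmui_traversal(m["target"]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "status": int(m["status"]),
                "target": m["target"],
            })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        # A 200 from an unpatched device means the traversal likely succeeded.
        flag = "LIKELY SUCCESS" if h["status"] == 200 else "blocked/failed"
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {flag} {h["target"]}')
```

The script flags every probe regardless of outcome; the response status is what separates scanning noise from a likely compromise. A 200 returned by a device that was unpatched at the time of the request should be treated as a probable successful file read and followed up with a forensic review of that device, not just a patch.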

More vulnerabilities

Because such products sit at the edge of so many enterprise networks, critical vulnerabilities in them can hand an attacker full control over some of the world's most important IT infrastructure.
  • In July, a Cross-Site Scripting (XSS) vulnerability (CVE-2020-5903) was also found in the BIG-IP Configuration utility.
  • The vulnerability allows an attacker to run JavaScript in the context of the currently logged-in user; if that user is an administrator, this can escalate to remote code execution and full compromise of the BIG-IP system.

Yet another critical bug

In late June, a critical authentication bypass bug (CVE-2020-2021) was disclosed in the SAML authentication of PAN-OS, the operating system running on Palo Alto Networks' firewalls and enterprise VPN appliances. That bug also received a 10/10 CVSS score, and US Cyber Command warned users to patch it immediately. Palo Alto Networks released a security advisory for the vulnerability the same day.

Solution

On July 1, F5 Networks published patches and a security advisory, urging customers to update affected BIG-IP devices and listing interim mitigations for those who could not patch immediately.