Tuesday, January 26, 00:31

PoC exploits released for critical vulnerability on F5 BIG-IP devices

Two days after F5 released updates for the critical vulnerability in F5 BIG-IP devices, security researchers began publishing proof-of-concept (PoC) exploits that show how easily these devices can be compromised by exploiting it.


F5 customers using BIG-IP devices and solutions are mostly governments, Fortune 500 companies, banks, Internet service providers and large enterprises such as Microsoft, Oracle and Facebook.

On Friday, F5 disclosed that updates had been released for the critical vulnerability CVE-2020-5902, which is rated 10/10 on the CVSSv3 scale.

This vulnerability allows a remote attacker to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication, and then to execute code remotely.


Exploiting a BIG-IP device could give an intruder full access to the system, let them extract user credentials and possibly move from the device into the internal network behind it.

The attacker can carry out a range of actions, such as creating or deleting files, disabling services and/or executing Java code.

"This vulnerability could lead to a complete breach of the system. The BIG-IP system in Appliance mode is also vulnerable."

Due to the seriousness of this vulnerability, the US government issued a warning and advised users to install the update as quickly as possible.

F5 BIG-IP PoC exploits

After the patch was released, several researchers began publishing PoC exploits for the F5 BIG-IP vulnerability CVE-2020-5902 to show how easily data can be stolen and commands executed on vulnerable devices.


Another researcher has created a GitHub repository containing PoCs for various tasks, such as displaying the /etc/passwd file to get at stored credentials, or viewing the device's configuration file.

Rich Warren of NCC Group has already observed remote attacks attempting to exploit vulnerable F5 BIG-IP devices.


If you use F5 BIG-IP devices on your network, you must update them immediately.

BIG-IP versions that are vulnerable to attack (11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, 15.1.x) must be upgraded to the corresponding fixed versions (11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, 15.1.0.4).
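To turn the version list above into something an inventory check can act on, here is a small Python script added to this article (it is not code from the article, from F5, or from any of the PoC repositories). It encodes only the vulnerable branches and fixed releases named above; the handling of versions outside those branches, the padding of short version strings and the choice to send 15.0.x installs to 15.1.0.4 are this example's assumptions, not statements from F5's advisory.

```python
"""Triage F5 BIG-IP versions against the CVE-2020-5902 fix list.

Added example, not from the article or from F5. The branch/fix table is
taken from the article's version list; everything else is an assumption.
"""
from __future__ import annotations

# Fixed release per vulnerable branch, as listed in the article.
# Assumption: 15.0.x has no fix of its own, so its upgrade target is the
# 15.1.0.4 release the article names for the 15.x line.
FIXED_BY_BRANCH: dict[tuple[int, int], tuple[int, int, int, int]] = {
    (11, 6): (11, 6, 5, 2),
    (12, 1): (12, 1, 5, 2),
    (13, 1): (13, 1, 3, 4),
    (14, 1): (14, 1, 2, 6),
    (15, 0): (15, 1, 0, 4),
    (15, 1): (15, 1, 0, 4),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '14.1.2.3' (or '14.1.2.3 HF1' style input) into an int tuple.

    Anything after the first whitespace (hotfix suffixes) is ignored, and
    short strings are zero-padded so '14.1' compares as (14, 1, 0, 0).
    """
    core = text.strip().split()[0] if text.strip() else ""
    parts = core.split(".")
    if not core or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised BIG-IP version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 4 - len(nums))


def assess(version: str) -> dict:
    """Classify one version as 'vulnerable', 'fixed' or 'not_listed'.

    'not_listed' means the branch is not in the article's list; it is not a
    statement that such a branch is safe, only that this table cannot say.
    """
    parsed = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(parsed[:2])
    if fixed is None:
        return {"version": version, "status": "not_listed", "upgrade_to": None}
    if parsed >= fixed:
        return {"version": version, "status": "fixed", "upgrade_to": None}
    return {
        "version": version,
        "status": "vulnerable",
        "upgrade_to": ".".join(str(n) for n in fixed),
    }


def hosts_to_upgrade(inventory: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Return (host, current_version, upgrade_to) for every vulnerable entry."""
    out = []
    for host, version in inventory:
        result = assess(version)
        if result["status"] == "vulnerable":
            out.append((host, version, result["upgrade_to"]))
    return out


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("lb-edge-01", "14.1.2.3"),
        ("lb-edge-02", "14.1.2.6"),
        ("lb-dmz-01", "15.0.1.1"),
        ("lb-lab-01", "16.0.0"),
    ]
    for host, current, target in hosts_to_upgrade(sample):
        print(f"{host}: {current} is vulnerable, upgrade to {target}")
```

The check compares the full four-part version tuple against the fixed release for its branch, so a 15.0.x install is reported as vulnerable with 15.1.0.4 as the target even though it is not on the same branch as the fix.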

Without a doubt, APT groups, that is, state-funded hacking groups, as well as ransomware gangs, will try to use this vulnerability to break into your network. Update your systems now!

Digital Fortress (https://www.secnews.gr)