PoC exploits released for critical vulnerability on F5 BIG-IP devices

Two days after updates were released for the critical vulnerability in F5 BIG-IP devices, security researchers began publishing proof-of-concept (PoC) exploits that show how easily these devices can be compromised by exploiting it.
On Friday, F5 announced that updates had been released for the critical vulnerability CVE-2020-5902, which was rated 10/10 on the CVSSv3 scale.
This vulnerability allows a remote attacker to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication. The attacker can then execute code remotely.
Exploiting a BIG-IP device could allow an intruder to gain full access to the system, export user credentials and possibly move through the device's internal network.
The attacker can execute various commands, such as creating or deleting files, disabling services and/or executing Java code.
"This vulnerability could lead to a complete breach of the system. The BIG-IP system in Appliance mode is also vulnerable."
Due to the seriousness of this vulnerability, the US government issued a warning and advised users to install the update as quickly as possible.
Traffic F5 BIG-IP PoC exploits
After the patch was released, many researchers began to publish PoC exploits for the F5 BIG-IP vulnerability CVE-2020-5902 to show how easily one can steal data and execute commands on vulnerable devices.
Another researcher has created a GitHub repository that includes PoCs to perform various tasks, such as displaying the /etc/passwd file to gain access to stored credentials or viewing the device's configuration file.
Rich Warren from NCC Group has already seen remote attacks attempting to exploit vulnerable F5 BIG-IP devices.
If you use F5 BIG-IP devices on your network, you must update them immediately.
BIG-IP versions that are vulnerable to attacks (11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, 15.1.x) must be upgraded to the corresponding updated versions (188.8.131.52, 184.108.40.206, 13.1.3.4, 220.127.116.11, 18.104.22.168).
Without a doubt, APT groups, that is, hacking teams funded by governments, as well as ransomware gangs will try to use these vulnerabilities to break into your network. Update your systems now!