Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to potential intrusions.
F5 Networks, one of the world’s largest providers of enterprise networking equipment, has released a security advisory this week warning customers to patch a dangerous security flaw that is very likely to be exploited.
The vulnerability impacts the company’s BIG-IP product. These are networking devices that can work as web traffic shaping systems, rate limiters, load balancers, firewalls, access gateways, or SSL middleware.
BIG-IP devices are among the most popular networking products in use today. They are used on the networks of service providers, inside cloud computing data centers, and widely across enterprise networks.
On its own site, F5 claims its BIG-IP devices are used on the networks of 48 companies on the Fortune 50 list.
Tracked as CVE-2020-5902, the BIG-IP bug was found and privately reported to F5 by Mikhail Klyuchnikov, a security researcher at Positive Technologies.
The bug is a so-called “remote code execution” vulnerability in BIG-IP’s management interface, called TMUI (Traffic Management User Interface).
Attackers can exploit this bug over the internet to obtain access to the TMUI component, which runs on top of a Tomcat server on BIG-IP’s Linux-based operating system.
Attackers do not need valid credentials to attack devices, and a successful exploit can allow intruders to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code, and finally result in attackers gaining complete control over the BIG-IP device.
The vulnerability is so dangerous that it received the rare 10 out of 10 score on the CVSSv3 vulnerability severity scale. This score means the security bug is easy to exploit and automate, can be used over the internet, and does not require valid credentials or advanced coding skills to take advantage of.
As a coincidence, this is another 10/10 CVSS bug in a networking device disclosed this week, after a similar critical bug was shown to impact Palo Alto Networks VPN and firewall devices on Monday.
Need for urgent patching
US Cyber Command issued a warning to the government and private sector this week to patch the Palo Alto bug, as they anticipated that foreign state hackers would try to exploit the vulnerability.
No official warning has been issued by a US cyber-security agency, but the F5 bug is no less severe and just as dangerous as the Palo Alto one.
“The freedom of minding this [bug] cannot be understated,” Nate Warfield, a former F5 Networks engineer and currently a security researcher at Microsoft, stated on Twitter this week.
“A frequent use of the technology is SSL offloading,” he added. “Complete compromise of a system may, in theory, allow a person to snoop on unencrypted traffic within the device.
“Their [management] OS is Linux based, and like most ADCs (program delivery controls), they’re deployed in center, high-access parts of networks.”
Currently, according to a Shodan search, there are around 8,400 BIG-IP devices connected to the internet.
At the time of writing, many companies and security researchers in the cyber-security community have told ZDNet that they have not detected any attacks targeting these devices, but they fully expect attacks to begin shortly, especially if proof-of-concept exploit code is shared publicly online.
The F5 security advisory for the CVE-2020-5902 BIG-IP TMUI RCE is available here, together with information on vulnerable firmware versions and patches.