F5 patches vulnerability that received a CVSS 10 severity score

Image: ZDNet

F5 Networks, one of the world’s largest providers of enterprise networking gear, has published a security advisory this week warning customers to patch a dangerous security flaw that is very likely to be exploited.

The vulnerability impacts the company’s BIG-IP product. These are multi-purpose networking devices that can work as web traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

BIG-IP is one of the most popular networking products in use today. These devices are used in government networks all over the globe, on the networks of internet service providers, inside cloud computing data centers, and widely across enterprise networks.

On its website, F5 says its BIG-IP devices are used on the networks of 48 companies included in the Fortune 50 list.


CVE-2020-5902

Tracked as CVE-2020-5902, the BIG-IP bug was found and privately reported to F5 by Mikhail Klyuchnikov, a security researcher at Positive Technologies.

The bug is a so-called “remote code execution” vulnerability in BIG-IP’s management interface, known as TMUI (Traffic Management User Interface).

Attackers can exploit this bug over the internet to gain access to the TMUI component, which runs on top of a Tomcat server on BIG-IP’s Linux-based operating system.

Hackers don’t need valid credentials to attack devices, and a successful exploit can allow intruders to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code — and eventually lead to attackers gaining full control over the BIG-IP device.

The vulnerability is so dangerous that it received the rare 10 out of 10 score on the CVSSv3 vulnerability severity scale. This score means the security bug is easy to exploit and automate, can be used over the internet, and doesn’t require valid credentials or advanced coding skills to take advantage of.

As a coincidence, this was the second 10/10 CVSS bug in a networking device disclosed this week, after a similar critical bug was revealed to impact Palo Alto Networks VPN and firewall devices on Monday.

Need for urgent patching

US Cyber Command issued a warning to the private and government sector this week to patch the Palo Alto bug — as they expected that foreign state hackers would attempt to exploit the vulnerability.

No official warning was issued by a US cyber-security agency, but the F5 bug is no less severe and just as dangerous as the Palo Alto one.

“The urgency of patching this [bug] cannot be understated,” said on Twitter this week Nate Warfield, a former F5 Networks engineer, and currently a security researcher at Microsoft.

“A common use of their technology is SSL offloading,” he added. “Full compromise of a system could, in theory, allow someone to snoop on unencrypted traffic inside the device.

“Their [management] OS is Linux based, and like most ADCs (application delivery controllers), they are deployed in core, high-access parts of networks.”

Currently, according to a Shodan search, there are around 8,400 BIG-IP devices connected online.

At the time of writing, several companies and security researchers in the cyber-security community have told ZDNet that they have not detected any attacks targeting these devices; but they fully expect attacks to begin soon, especially if proof-of-concept exploit code is shared publicly online.

The F5 security advisory for the CVE-2020-5902 BIG-IP TMUI RCE is available here, with information on vulnerable firmware versions and patches.
