PoC Exploit Posted Online Leaves Critical F5 BIG-IP Bug Exposed
Quote:

Adversaries are mass scanning and targeting exposed and unpatched networking devices, trying to break into enterprise networks.

F5 Networks recently released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, but adversaries have begun to mass scan and target exposed and unpatched networking devices.

This in-the-wild exploitation happened after proof-of-concept exploit code, produced by reverse-engineering the Java software patch in BIG-IP, surfaced online earlier this week, and since then the mass scans have spiked.

The flaws affect BIG-IP versions 11.6 or 12.x and newer, and include a critical remote code execution vulnerability (CVE-2021-22986, CVSS score: 9.8) that also impacts BIG-IQ versions 6.x and 7.x.

It seems that successful exploitation of these vulnerabilities could lead to a fully compromised system, with the possibility of remote code execution as well as triggering a buffer overflow, all of this leading to a DoS attack.

On March 10, F5 said it wasn’t aware of any public exploitation, but researchers from NCC Group have now found evidence of “full chain exploitation of F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986”, and researchers from Palo Alto Networks’ Unit 42 said they had identified attempts to exploit CVE-2021-22986 and install the Mirai botnet.

Given the popularity of BIG-IP/BIG-IQ in corporate and government networks, it should come as no surprise that this is the second time in a year F5 appliances have become a lucrative target for exploitation.

It’s not the first time F5 has had to address a critical flaw: another one (CVE-2020-5902) was abused by Iranian and Chinese state-sponsored hacking groups.
 
Quote:
The bottom line is that [the flaws] affect all BIG-IP and BIG-IQ customers and instances — we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible 

For the time being, it’s not clear if the exploits for these CVEs were successful, as researchers are still investigating this matter.
...