Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
PoC Exploit Posted Online Leaves Critical F5 BIG-IP Bug Exposed
#1
Exclamation 
Quote:
[Image: Heimdal-Security-News-and-Updates-1030x360-6.png]

Adversaries are mass scanning and targeting exposed and unpatched networking devices trying to break into enterprise networks.

F5 Networks recently released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, but their adversaries have begun to mass scan and target exposed and unpatched networking devices.

This in the wild exploitation happened after a proof-of-concept exploits code surfaced online earlier this week by reverse-engineering the Java software patch in BIG-IP, and since then the mass scans have spiked. 

The flaws are affecting BIG-IP versions 11.6 or 12.x and newer, having a critical remote code execution (CVE-2021-22986) that is also impacting BIG-IQ versions 6.x and 7.x. CVE-2021-22986 (CVSS score: 9.8). 

It seems that the successful exploitation of these vulnerabilities could lead to a fully compromised system, with the possibility of remote code execution as well as trigger a buffer overflow, all of this leading to a DoS attack.

On March 10, F5 said it wasn’t aware of any public exploitation, but researchers from NCC Group have now found evidence of “full chain exploitation of F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986”, and also the researchers from Palo Alto Networks’ Unit 42 declared to had identified attempts to exploit CVE-2021-22986 and install the Mirai botnet. 

Given the popularity of BIG-IP/BIG-IQ in corporate and government networks, it should come as no surprise that this is the second time in a year F5 appliances have become a lucrative target for exploitation.

It’s not the first time when F5 had to address another critical flaw (CVE-2020-5902), that was abused by Iranian and Chinese state-sponsored hacking groups.
 
Quote:
The bottom line is that [the flaws] affect all BIG-IP and BIG-IQ customers and instances — we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible 

For the time being it’s not clear if the CVEs exploits were successful, as researchers are still investigating this matter. 
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>