Home Security US CISA Alerts About Active Exploitation of F5 BIG-IP Vulnerability

US CISA Alerts About Active Exploitation of F5 BIG-IP Vulnerability

by Abeerah Hashim

Earlier this month, a serious security flaw surfaced online targeting F5 Networks. Now, the US CISA has issued an alert about the active exploits of this F5 BIG-IP vulnerability.

CISA Warns Of F5 BIG-IP Vulnerability Exploit

In a recent advisory, the United States Cybersecurity and Infrastructure Security Agency (CISA) warned all users of the F5 flaw. Specifically, they have warned of the active attacks in the wild against the F5 BIG-IP vulnerability.

This vulnerability specifically affected the BIG-IP Traffic Management User Interface (TMUI). Successful exploitation of the flaw allows a remote adversary to take control of the target systems and execute arbitrary codes. This also includes creating/deleting files, disabling services, and execute other commands.

While F5 Networks already patched the bugs, according to CISA, they fear that any unpatched systems may already have suffered an attack.

CISA has further shared various strategies to facilitate the organizations in case of a compromise. They have shared methods for the detection and mitigation of an active attack to assist the IT security personnel.

F5 Networks Vulnerability

The vulnerability, CVE-2020-5902, first came into limelight after researchers Positive Technologies shared details. Right after the disclosure, the criminal hackers started exploiting the vulnerability to target vulnerable systems.

Although, the vendors quickly addressed the vulnerability and released security fixes. However, due to the high number of devices not updated to the patched versions, the perpetrators got a chance to actively exploit the bug.

The US Cyber Command also issued an alert about it urging everyone to ensure quick patches. However, it seems many systems still remain at risk as they aren’t updated.

Though CISA has also shared mitigation strategies to fend-off active exploitation. Still, organizations should prefer updating the systems at the earliest to the F5 BIG-IP versions 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4 to avoid any attack.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We will assume you are ok with this, but you can opt-out if you wish. Accept Read More

%d bloggers like this: