F5 urges customers to patch critical BIG-IP pre-auth RCE bug

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.

F5 BIG-IP software and hardware customers include governments, Fortune 500 companies, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that "48 of the Fortune 50 rely on F5."

The four critical vulnerabilities listed below also include a pre-auth RCE security flaw (CVE-2021-22986) which allows unauthenticated remote attackers to execute arbitrary commands on compromised BIG-IP devices:

Today, F5 published security advisories on three other RCE vulnerabilities (two high and one medium, with CVSS severity ratings between 6.6 and 8.8), allowing authenticated remote attackers to execute arbitrary system commands.

Successful exploitation of the critical BIG-IP RCE vulnerabilities could lead to full system compromise, including the interception of controller application traffic and lateral movement to the internal network.

The seven vulnerabilities are fixed in the following BIG-IP versions: , , 14.1.4, , , and , according to F5.

CVE-2021-22986, the pre-auth RCE flaw, also affects BIG-IQ (a management solution for BIG-IP devices), and it was fixed in 8.0.0, , and 7.0.0.2.

"We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible," F5 says in a notification published earlier today.

"To fully remediate the critical vulnerabilities, all BIG-IP customers will need to update to a fixed version."

F5 provides information on how to upgrade the software running on your BIG-IP appliances, with details on several upgrade scenarios, in this BIG-IP upgrade guide.

BIG-IP RCE flaws previously exploited by state hackers

In July 2020, F5 patched a critical RCE vulnerability with a maximum 10/10 CVSSv3 rating, tracked as CVE-2020-5902 and affecting the Traffic Management User Interface (TMUI) of BIG-IP ADC appliances.

Like the pre-auth RCE bug announced today, CVE-2020-5902 allows unauthenticated attackers to run arbitrary system commands following successful exploitation.

Dragos security researchers reported in September that the Iranian-backed Pioneer Kitten hacking group started targeting enterprises that had not patched their BIG-IP devices, beginning in early July 2020 after the flaw was announced.

The malicious activity revealed by Dragos lined up with an August FBI Private Industry Notification also warning of Iranian state hackers attempting to exploit vulnerable BIG-IP ADC devices since early July 2020.

CISA issued another advisory regarding China-sponsored hackers targeting government agencies by hunting down and attempting to compromise F5, Microsoft Exchange, Citrix, and Pulse Secure devices and servers.

Enterprises with unpatched F5 BIG-IP ADCs face an even greater risk from financially motivated threat actors that could also deploy ransomware on compromised networks and steal credentials to access other network devices.
