
    Critical F5 BIG-IP vulnerability now targeted in ongoing attacks



    On Thursday, cybersecurity firm NCC Group said that it detected successful in-the-wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.

    The exploitation attempts started earlier this week and have escalated over the last 24 hours, with mass scanning activity being detected by NCC Group and Bad Packets.

    “Beginning this week and particularly within the last 24 hours (March 18th, 2021) we’ve observed a number of exploitation attempts against our honeypot infrastructure,” said NCC Group’s Rich Warren and Sander Laarhoven.

    “This information, combined with having reproduced the complete exploit-chain we assess that a public exploit is likely to be available in the public domain soon.”

    The security vulnerability these attackers are trying to exploit is an unauthenticated remote command execution (RCE) flaw tracked as CVE-2021-22986, and it affects most F5 BIG-IP and BIG-IQ software versions.

    Several security researchers have already shared proof-of-concept exploit code after reverse-engineering the BIG-IP patch.

    Successful exploitation of this bug (with a severity rating of 9.8/10) may result in full system compromise, including lateral movement to the internal network and interception of controller application traffic.

    Highly valuable targets

    A similarly critical RCE vulnerability with a maximum 10/10 severity rating, tracked as CVE-2020-5902, in F5 BIG-IP ADC appliances was also heavily exploited last year after being patched in July 2020.

    The Iranian-backed Pioneer Kitten hacking group started targeting enterprises with unpatched BIG-IP devices right after the flaw was disclosed.

    Their attacks lined up with an August alert issued by the FBI warning of Iranian state hackers trying to exploit vulnerable BIG-IP ADC devices starting in early July 2020.

    CISA issued another advisory saying that China-backed hacking groups targeted government agencies by hunting down and attempting to hack their vulnerable F5, Microsoft Exchange, Citrix, and Pulse Secure devices and servers.

    Organizations are advised to patch their F5 BIG-IP devices as soon as possible to defend against future attacks.

    “We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible,” F5 said after releasing security updates to patch CVE-2021-22986 and three other critical security flaws affecting its products.

    “To fully remediate the critical vulnerabilities, all BIG-IP customers will need to update to a fixed version.”

    F5 provides information on upgrading BIG-IP appliances, with details on multiple upgrade scenarios, in this BIG-IP upgrade guide.

    NCC Group also provides indicators of compromise, detection logic, and Suricata network rules to help admins detect and block incoming attacks.
