Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning for and targeting exposed, unpatched networking devices to break into enterprise networks.
News of in-the-wild exploitation comes on the heels of a proof-of-concept exploit that surfaced online earlier this week, developed by reverse-engineering the Java software patch in BIG-IP. The mass scans are said to have spiked since March 18.
The flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical remote code execution bug (CVE-2021-22986) also impacting BIG-IQ versions 6.x and 7.x. CVE-2021-22986 (CVSS score: 9.8) is notable for being an unauthenticated remote command execution vulnerability in the iControl REST interface: it allows an attacker to execute arbitrary system commands, create or delete files, and disable services without any authentication at all.
Successful exploitation of these vulnerabilities could lead to a full compromise of vulnerable systems, including remote code execution, and could also trigger a buffer overflow resulting in a denial-of-service (DoS) condition.
While F5 said on March 10 that it was not aware of any public exploitation of these issues, researchers from NCC Group said they have now found evidence of "full chain exploitation of F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986" following multiple exploitation attempts against its honeypot infrastructure.
Additionally, Palo Alto Networks' Unit 42 threat intelligence team said it found attempts to exploit CVE-2021-22986 to install a variant of the Mirai botnet. It is not immediately clear whether those attacks were successful.
Given the popularity of BIG-IP/BIG-IQ in corporate and government networks, it should come as no surprise that this is the second time in a year that F5 appliances have become a lucrative target for exploitation.
Last July, the company addressed a similar critical flaw (CVE-2020-5902), which was subsequently abused by Iranian and Chinese state-sponsored hacking groups, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert warning of "broad scanning activity for the presence of this vulnerability across federal departments and agencies."
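Because the scanning and the honeypot hits described above both show up as HTTP requests to the iControl REST interface, one practical check while patching is underway is to triage the management httpd access log for iControl REST requests arriving from addresses that are not your administrative networks. The script below is an added example written for this article, not F5's own tooling or anything NCC Group or Unit 42 published. It assumes the Apache "combined" log format (which is what BIG-IP's management httpd writes to /var/log/httpd/httpd_access_log; adjust the regex if your logs differ), relies on the fact that iControl REST endpoints are served under the /mgmt/ prefix, and uses a constructed set of log lines plus a hypothetical management network of 10.0.0.0/24. It flags every external source touching /mgmt/ and raises severity when such a source receives a non-error response, which is the signal to chase first, since an unauthenticated 2xx on iControl REST from the internet is exactly what a working exploit would produce. This is a hunting heuristic, not a substitute for applying the fixed versions or for keeping the management interface off the internet.

```python
"""Triage BIG-IP httpd access logs for iControl REST probing from outside
the management networks. Added example; not F5 code."""
import ipaddress
import re
from collections import defaultdict

# Apache "combined" log format (assumption: matches BIG-IP's httpd_access_log).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical admin/jump-host network; replace with your own.
MANAGEMENT_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample lines for the demo; not captured from a real device.
SAMPLE_LOG = """\
10.0.0.5 - admin [18/Mar/2021:10:01:02 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 200 812 "-" "curl/7.64.1"
198.51.100.20 - - [18/Mar/2021:10:02:10 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 3201 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Mar/2021:10:03:44 +0000] "POST /mgmt/shared/authn/login HTTP/1.1" 401 53 "-" "python-requests/2.25.1"
203.0.113.7 - - [18/Mar/2021:10:03:45 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 401 53 "-" "python-requests/2.25.1"
203.0.113.7 - - [18/Mar/2021:10:03:46 +0000] "GET /mgmt/tm/sys/db?$top=1 HTTP/1.1" 401 53 "-" "python-requests/2.25.1"
203.0.113.9 - - [18/Mar/2021:10:05:01 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 200 812 "-" "python-requests/2.25.1"
"""


def parse_access_log(text):
    """Parse combined-format lines into dicts; silently skip lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def is_management_source(src, networks=MANAGEMENT_NETWORKS):
    """True if src is an IP inside one of the trusted management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are never trusted
    return any(addr in net for net in networks)


def find_icontrol_probes(records, networks=MANAGEMENT_NETWORKS):
    """Group /mgmt/ (iControl REST) requests by untrusted source address.

    Returns {src: {"hits": n, "paths": set, "successes": n, "severity": str}}.
    severity is "high" when the source got at least one non-error (<400)
    response, i.e. the request was served rather than rejected.
    """
    by_src = defaultdict(lambda: {"hits": 0, "paths": set(), "successes": 0})
    for rec in records:
        if not rec["path"].startswith("/mgmt/"):
            continue  # only the iControl REST surface matters here
        if is_management_source(rec["src"], networks):
            continue  # expected admin traffic
        entry = by_src[rec["src"]]
        entry["hits"] += 1
        entry["paths"].add(rec["path"].split("?", 1)[0])  # drop query strings
        if rec["status"] < 400:
            entry["successes"] += 1
    for entry in by_src.values():
        entry["severity"] = "high" if entry["successes"] else "medium"
    return dict(by_src)


if __name__ == "__main__":
    probes = find_icontrol_probes(parse_access_log(SAMPLE_LOG))
    for src, info in sorted(probes.items(), key=lambda kv: kv[1]["severity"]):
        print(f"{info['severity']:6} {src:15} hits={info['hits']} "
              f"ok={info['successes']} paths={sorted(info['paths'])}")
```

On a real device, feed the output of `zcat`/`cat` on the rotated access logs into `parse_access_log` and tune `MANAGEMENT_NETWORKS`; any "high" entry from a public address on a device that was unpatched on March 18 or later should be treated as a possible compromise and investigated, not just blocked.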
"The bottom line is that [the flaws] affect all BIG-IP and BIG-IQ customers and instances — we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible," F5 Senior Vice President Kara Sprague noted last week.