Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs
#1
Quote:F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.
 
F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that "48 of the Fortune 50 rely on F5."
 
The four critical vulnerabilities listed below also include a pre-auth RCE security flaw (CVE-2021-22986) which allows unauthenticated remote attackers to execute arbitrary commands on compromised BIG-IP devices:  
Today, F5 published security advisories on three other RCE vulnerabilities (two high and one medium, with CVSS severity ratings between 6.6 and 8.8), allowing authenticated remote attackers to execute arbitrary system commands.
Successful exploitation of critical BIG-IP RCE vulnerabilities could lead to full system compromise, including the interception of controller application traffic and lateral movement to the internal network.
 
The seven vulnerabilities are fixed in the following BIG-IP versions: 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, and 11.6.5.3, according to F5.
CVE-2021-22986, the pre-auth RCE flaw, also affects BIG-IQ (a management solution for BIG-IP devices), and it was fixed in 8.0.0, 7.1.0.3, and 7.0.0.2.
"We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible," F5 says in a notification published earlier today.
"To fully remediate the critical vulnerabilities, all BIG-IP customers will need to update to a fixed version."
 
F5 provides information on how to upgrade the software running on your BIG-IP appliances with details on multiple upgrade scenarios in this BIG-IP upgrade guide.
 
We've announced several fixes for vulnerabilities, 4 of them critical. If you're an F5 customer, update your BIG-IP and BIG-IQ systems as soon as possible to fully protect yourself. You'll find all the info here: https://t.co/9Bu53O3cjg pic.twitter.com/rjyUu29DfM
— F5 (@F5) March 10, 2021
BIG-IP RCE flaws previously exploited by state hackers
In July 2020, F5 patched a critical RCE vulnerability with a maximum 10/10 CVSSv3 rating tracked as CVE-2020-5902 and affecting the Traffic Management User Interface (TMUI) of BIG-IP ADC appliances.
 
Similar to the pre-auth RCE bug announced today, CVE-2020-5902 allows unauthenticated attackers to run arbitrary system commands following successful exploitation.
 
Dragos security researchers reported in September that the Iranian-backed Pioneer Kitten hacking group started targeting enterprises that didn't patch their BIG-IP devices starting with early-July 2020 after the flaw was announced.
 
The malicious activity revealed by Dragos lined up with an August FBI Private Industry Notification also warning of Iranian state hackers attempting to exploit vulnerable Big-IP ADC devices since early July 2020.
 
CISA issued another advisory regarding China-sponsored hackers targeting government agencies by hunting down and trying to hack F5, Microsoft Exchange, Citrix, Pulse Secure devices and servers.
 
Enterprises with unpatched F5 BIG-IP ADCs face an even higher risk from financially motivated threat actors that might also deploy ransomware on compromised networks and steal credentials to access other network devices.


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Anonymous urges Internet users to spam Google Maps, Bjyda 0 1,672 03-01-2022 , 09:13 PM
Last Post: Bjyda
  Digital Vault ( superantispyware) Available for U.S. customers only mrtrout 0 940 04-09-2021 , 12:30 AM
Last Post: mrtrout
  SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product mrtrout 0 1,033 01-23-2021 , 10:06 PM
Last Post: mrtrout
  Critical bugs in Dell Wyse ThinOS allow thin client take over mrtrout 0 1,175 12-21-2020 , 10:07 PM
Last Post: mrtrout
  HPE fixes maximum severity remote auth bypass bug in SSMC console mrtrout 0 1,033 10-24-2020 , 08:15 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)