There are serious vulnerabilities in the BIG-IP appliances, for which the manufacturer has released an update. An exploit is now being used in the wild against unpatched systems, so administrators responsible for F5 BIG-IP appliances should patch them urgently.
The BIG-IP appliances from F5 Networks
F5 Networks, Inc. is a transnational company specializing in application services and application delivery networking (ADN). F5's technologies focus on the delivery, security, performance and availability of Web applications, including the availability of computing, storage and networking resources.
F5's BIG-IP product family includes hardware, modularized software and virtual appliances running the F5 TMOS operating system. One or more BIG-IP product modules can be added depending on the appliance selected. The offerings include:
- Local Traffic Manager (LTM): Local load balancing based on a full proxy architecture.
- Application Security Manager (ASM): A Web application firewall.
- Access Policy Manager (APM): Provides access control and authentication for HTTP and HTTPS applications.
- Advanced Firewall Manager (AFM): On-site DDoS protection, firewall for data centers.
- Application Acceleration Manager (AAM): Acceleration through technologies such as compression and caching.
- IP Intelligence (IPI): Blocking known bad IP addresses, preventing phishing attacks and botnets.
- WebSafe: Protects against sophisticated fraud threats by using advanced encryption, clientless malware detection, and session behavior analysis.
- BIG-IP DNS: Distributes DNS and application requests based on user, network and cloud performance conditions.
Some information can be found on the provider's website, and some on its German-language site.
Vulnerabilities in F5 BIG-IP appliances
There are several vulnerabilities in the F5 BIG-IP appliances that attackers could exploit to execute malicious code on the systems. The CVE-2020-5902 vulnerability in the Traffic Management User Interface (TMUI) has a score of 10. Attackers can access the appliances without authentication. F5 Networks has released the following security updates for customers to close the vulnerabilities:
- 15.1.0.4
- 14.1.2.6
- 13.1.3.4
- 12.1.5.2
- 11.6.5.2
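To triage an appliance inventory against the fixed releases listed above, a version check such as the following can be used. It is an added example, not code from F5 or from the original article; the host names are constructed, and treating each listed release as the minimum patched version for its major version line is an assumption that should be confirmed against F5's advisory.

```python
# Fixed releases exactly as listed in the article.
FIXED = ["15.1.0.4", "14.1.2.6", "13.1.3.4", "12.1.5.2", "11.6.5.2"]

def parse_version(text):
    """Turn '14.1.2.6' into (14, 1, 2, 6); raise ValueError on malformed input."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

# Assumption: one fixed release per major version line (15, 14, 13, 12, 11).
FIXED_BY_MAJOR = {parse_version(v)[0]: parse_version(v) for v in FIXED}

def _pad(version, width):
    """Right-pad with zeros so '15.1.0' compares as 15.1.0.0."""
    return version + (0,) * (width - len(version))

def patch_status(version_text):
    """Classify one reported BIG-IP version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_BY_MAJOR.get(version[0])
    if fixed is None:
        # Major line not covered by the article's list: check manually.
        return "unknown-branch"
    width = max(len(version), len(fixed))
    if _pad(version, width) >= _pad(fixed, width):
        return "patched"
    return "update-required"

def triage(inventory):
    """Group (host, version) pairs by status so unpatched hosts stand out."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(patch_status(version_text), []).append(host)
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = [("lb-01", "15.1.0.4"), ("lb-02", "15.1.0"), ("lb-03", "13.1.3.3"),
              ("lb-04", "14.1.2.6"), ("lb-05", "16.0.0"), ("lb-06", "n/a")]
    for status, hosts in sorted(triage(sample).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown-branch` or `unparseable` need a manual look rather than being assumed safe.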
Bleeping Computer has published an article with further details about this topic. Rich Warren points out in the tweet below that an exploit is being traded and actively used for attacks.
Ok, we are seeing active exploitation of CVE-2020-5902
Patch it today
— Rich Warren (@buffaloverflow) July 4, 2020
Bleeping Computer has this article with more details. Administrators should patch now.