Following the release of the Security Advisory and Proof-of-Concept for the critical remote code execution (RCE) vulnerability found in F5’s BIG-IP products, threat actors have been observed exploiting unpatched and vulnerable devices to gain full control of affected systems.
Tracked as CVE-2020-5902, the flaw can allow a remote attacker to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication and perform remote code execution. Successful exploitation can allow attackers to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code that can lead to attackers gaining full control over the BIG-IP devices.
A. Nature of Attack
Systems affected by this vulnerability:
BIG-IP Products Version:
B. Measures to be Taken
CERT-PH recommends the following actions be taken:
- Immediately apply and test the patch on affected devices, upgrading each to its corresponding patched version.
- For further mitigation procedures, follow the detailed instructions on the recommended actions provided by F5 Networks, Inc.