Following the release of the security advisory and a proof-of-concept for the critical remote code execution (RCE) vulnerability in F5’s BIG-IP products, threat actors have been observed leveraging unpatched, vulnerable devices to gain full control of affected systems.

Tracked as CVE-2020-5902, the flaw can allow a remote attacker to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication and perform remote code execution. Successful exploitation can allow attackers to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code that can lead to attackers gaining full control over the BIG-IP devices.

___________________________________

A. Nature of Attack

Systems affected by this vulnerability:

BIG-IP product versions:

  • 11.6.x
  • 12.1.x
  • 13.1.x
  • 14.1.x
  • 15.0.x
  • 15.1.x

___________________________________

B. Measures to be Taken

CERT-PH recommends the following actions be taken:

  • Immediately apply and test the patch on affected devices, updating each to its corresponding patched version.
  • For further mitigation procedures, follow the detailed instructions on the recommended actions provided by F5 Networks, Inc.