PoC Exploit Posted Online Leaves Critical F5 BIG-IP Bug Exposed
Quote:

Adversaries are mass scanning and targeting exposed and unpatched networking devices trying to break into enterprise networks.

F5 Networks recently released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, but their adversaries have begun to mass scan and target exposed and unpatched networking devices.

This in-the-wild exploitation happened after proof-of-concept exploit code, created by reverse-engineering the Java software patch in BIG-IP, surfaced online earlier this week, and since then the mass scans have spiked.

The flaws affect BIG-IP versions 11.6 or 12.x and newer, and include a critical remote code execution vulnerability (CVE-2021-22986, CVSS score: 9.8) that also impacts BIG-IQ versions 6.x and 7.x.

It seems that the successful exploitation of these vulnerabilities could lead to a fully compromised system, with the possibility of remote code execution as well as triggering a buffer overflow, all of this leading to a DoS attack.

On March 10, F5 said it wasn’t aware of any public exploitation, but researchers from NCC Group have now found evidence of “full chain exploitation of F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986”, and researchers from Palo Alto Networks’ Unit 42 also declared that they had identified attempts to exploit CVE-2021-22986 and install the Mirai botnet.

Given the popularity of BIG-IP/BIG-IQ in corporate and government networks, it should come as no surprise that this is the second time in a year F5 appliances have become a lucrative target for exploitation.

It’s not the first time that F5 has had to address a critical flaw; CVE-2020-5902 was abused by Iranian and Chinese state-sponsored hacking groups.
 
Quote:
The bottom line is that [the flaws] affect all BIG-IP and BIG-IQ customers and instances — we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible 

For the time being it’s not clear whether the exploits of these CVEs were successful, as researchers are still investigating this matter.
...