New critical vulnerability detected affects Public Sector and Fortune 500 companies

Users of F5 enterprise and data centre BIG-IP network products are warned to patch the devices as soon as possible to address a critical, easy-to-exploit remote code execution vulnerability that has now been made public.

This critical remote code execution flaw in F5 Networks' BIG-IP devices was disclosed last week and is already under attack. The vulnerability rates 10 out of 10 on the Common Vulnerability Scoring System (CVSS) and lies in a lack of proper access control for the Traffic Management User Interface (TMUI) configuration utility of the devices. This is made even more serious by the fact that BIG-IP is used by many enterprise organisations, including governments and Fortune 500 companies, and the United States Cybersecurity and Infrastructure Security Agency (CISA) is asking F5 users to patch their devices as soon as possible. While it is possible to apply mitigations against the vulnerability, they are only partially effective, and F5 advises patching as soon as possible.

Today, a vulnerability assessment is a key responsibility of any IT security team. It primarily serves to report on any security vulnerabilities that exist in an organisation's systems and software. Vulnerabilities may allow an attacker to execute arbitrary system commands, create or delete files, disable services, and so on. An attacker can achieve a complete system compromise in minutes, and vulnerabilities of this kind quickly become exploited at scale!

According to the advisory from F5, which was updated on July 6, this vulnerability may result in complete system compromise. As mitigation, F5 recommends permitting management access to F5 products only over a secure network and limiting shell access to trusted users only. Luckily, AppCheck, a RedSpam partner, has released a new plug-in to detect the recently discovered security flaws within F5 BIG-IP devices, CVE-2020-5902 and CVE-2020-5903.
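The mitigation above is a network-exposure control: the management interface (TMUI) should only be reachable from trusted management networks. The following is an added example, not code from F5, AppCheck or RedSpam, of how a defender can audit an inventory of devices against that rule. The inventory format, the device names and the trusted network ranges are all constructed for this example; in practice they would come from the organisation's CMDB or from the management ACL / port-lockdown settings exported from each device.

```python
"""Audit management-plane exposure for network appliances such as F5 BIG-IP.

Added example (not vendor code). The inventory format, device names and
trusted ranges below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed allow-list: the only networks that should reach a management UI.
TRUSTED_MGMT_NETS = [
    ipaddress.ip_network("10.10.0.0/24"),
    ipaddress.ip_network("192.168.50.0/24"),
]


@dataclass
class Device:
    name: str
    mgmt_ip: str
    # Source CIDRs the device's management ACL permits. Empty list means the
    # interface has no source restriction at all ("0.0.0.0/0" means the same).
    allowed_sources: list = field(default_factory=list)
    mgmt_port: int = 443  # TMUI listens on HTTPS by default


def untrusted_sources(dev, trusted=TRUSTED_MGMT_NETS):
    """Return the permitted source ranges that are not fully inside a trusted net."""
    bad = []
    for cidr in dev.allowed_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        # subnet_of() only compares same-version networks, so filter on version
        contained = any(net.subnet_of(t) for t in trusted if net.version == t.version)
        if not contained:
            bad.append(str(net))
    return bad


def assess(devices, trusted=TRUSTED_MGMT_NETS):
    """Return {device name: [findings]}; an empty list means the device is compliant."""
    report = {}
    for dev in devices:
        findings = []
        if not dev.allowed_sources:
            findings.append("no source restriction on management interface")
        else:
            for cidr in untrusted_sources(dev, trusted):
                findings.append(f"management access permitted from untrusted range {cidr}")
        report[dev.name] = findings
    return report


# Constructed sample inventory: one compliant device, one with an "allow all"
# entry beside its proper rule, one with no restriction configured.
SAMPLE_INVENTORY = [
    Device("bigip-dc1-a", "10.10.0.5", ["10.10.0.0/24"]),
    Device("bigip-dc1-b", "10.10.0.6", ["10.10.0.0/24", "0.0.0.0/0"]),
    Device("bigip-edge-1", "203.0.113.10", []),
]

if __name__ == "__main__":
    for name, findings in assess(SAMPLE_INVENTORY).items():
        print(f"{name}: {'OK' if not findings else 'EXPOSED'}")
        for finding in findings:
            print("  -", finding)
```

The check is deliberately strict: a permitted range only counts as trusted if it is entirely contained in a trusted management network, so a broad rule such as `0.0.0.0/0` sitting next to a correct rule is still reported. Restricting where the management plane can be reached from does not remove the underlying flaw, which is why the advisory still calls for upgrading to a fixed version.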

How to prevent these vulnerabilities? AppCheck detection for CVE-2020-5902 and CVE-2020-5903

  • CVE-2020-5902 is a Remote Code Execution (RCE) vulnerability. It may allow an attacker to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. It is possible for an attacker to achieve complete system compromise. F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability.
  • CVE-2020-5903 is a Cross-site Scripting (XSS) vulnerability that exists in an undisclosed page of the BIG-IP Configuration utility. Attackers can exploit it to run JavaScript in the context of the currently logged-in user. The vulnerability could also be leveraged to completely compromise the BIG-IP system through Remote Code Execution.

Get started with your vulnerability scan

If you would like to see how AppCheck can discover this specific vulnerability and the other weaknesses of a given system, contact us to undertake a FREE vulnerability scan with AppCheck, or simply click the button below for more information.