Critical F5 BIG-IP flaw now targeted in active attacks


A recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices has been found to be exploited in the wild.

According to cybersecurity firm NCC Group, multiple exploitation attempts have been observed against their honeypot infrastructure. They assess that a public exploit is likely to become available soon.

The attackers are trying to exploit an unauthenticated remote command execution (RCE) vulnerability tracked as CVE-2021-22986, which affects most F5 BIG-IP and BIG-IQ software versions.

Multiple security researchers have already shared proof-of-concept exploit code after reverse-engineering the BIG-IP patch.

Successful exploitation of this bug, which has a severity rating of 9.8, can lead to full system compromise, including lateral movement to the internal network and interception of controller application traffic.

A similarly critical RCE vulnerability with a maximum 10/10 severity rating tracked as CVE-2020-5902 in F5 BIG-IP ADC appliances was also heavily exploited last year after being patched in July 2020.

It was found that the Iranian-backed Pioneer Kitten hacking group started targeting enterprises with unpatched BIG-IP devices soon after the flaw was disclosed.

Their attacks lined up with an August alert issued by the FBI warning of Iranian state hackers attempting to exploit vulnerable BIG-IP ADC devices starting in early July 2020.

Security updates to patch CVE-2021-22986 and three other critical security flaws affecting the products have been released, and organizations are advised to patch their F5 BIG-IP devices as soon as possible to defend against future attacks.

F5 provides info on upgrading BIG-IP appliances with details on multiple upgrade scenarios. NCC Group also provides indicators of compromise, detection logic, and Suricata network rules to help admins detect and block incoming attacks.

Image Credits : Help Net Security

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
