Cybercriminals are trying to take advantage of a recently discovered flaw in F5 Networks’ BIG-IP multi-purpose networking devices, a new report claims.
According to Positive Technologies’ cybersecurity researcher Mikhail Klyuchnikov, the vulnerability can be used to install cryptocurrency miners on the affected devices, as well as IoT malware. Furthermore, in some cases, criminals could use the flaw to steal admin credentials.
CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface (Traffic Management User Interface, or TMUI) of BIG-IP devices. According to the report, some of the world’s biggest companies use these devices. To exploit the flaw, an attacker needs to send a custom-built HTTP request to the server hosting the TMUI utility for BIG-IP configuration.
“By exploiting this vulnerability, a remote attacker with access to the BIG-IP configuration utility could, without authorization, perform remote code execution. The attacker can create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets, such as the internal network,” the researcher noted.
“RCE in this case results from security flaws in multiple components, such as one that allows directory traversal exploitation. This is particularly dangerous for companies whose F5 BIG-IP web interface is listed on search engines such as Shodan. Fortunately, most companies using the product do not enable access to the interface from the internet.”
According to Shodan, the IoT search engine, there are roughly 8,500 vulnerable devices on the internet, with four in ten located in the United States.
All users are urged to patch their devices as soon as possible to avoid potential trouble. A full list of vulnerable devices, as well as their corresponding patches, can be found at this link.