A particularly dangerous vulnerability has been uncovered in F5’s BIG-IP networking devices produced by F5, impacting enterprise networks across the globe.
According to F5, the remote code execution vulnerability exists in the traffic management user interface of the company’s BIG-IP networking devices, allowing unauthenticated attackers to launch RCE attacks, including creating or deleting files, disabling services and issuing other arbitrary system commands.
The vulnerability was rated “critical” and given a 10/10, the highest possible severity score, by the Common Vulnerability Scoring System. A patch was quickly developed, but information security professionals say the attack is simple to carry out and organizations may have already missed their opportunity to avoid exploitation.
Federal is computer science engineering agencies sounded the alarm because the networking devices are a popular choice to support many enterprise; researchers have found thousands of such devices connected to the internet through Shodan. Government contracting records show a number of agencies that have either procured F5 BIG-IP devices or maintenance services for existing devices over the past five years, including the Departments of Commerce, Defense, State, multiple branches of the military, the FBI and a number of smaller agencies.
According to F5, the remote code execution vulnerability exists in the traffic management user interface of the company’s BIG-IP networking devices, allowing unauthenticated attackers to launch RCE attacks, including creating or deleting files, disabling services and issuing other arbitrary system commands.
The vulnerability was rated “critical” and given a 10/10, the highest possible severity score, by the Common Vulnerability Scoring System. A patch was quickly developed, but information security professionals say the attack is simple to carry out and organizations may have already missed their opportunity to avoid exploitation.
Federal is computer science engineering agencies sounded the alarm because the networking devices are a popular choice to support many enterprise; researchers have found thousands of such devices connected to the internet through Shodan. Government contracting records show a number of agencies that have either procured F5 BIG-IP devices or maintenance services for existing devices over the past five years, including the Departments of Commerce, Defense, State, multiple branches of the military, the FBI and a number of smaller agencies.
No comments:
Post a Comment