F5 patches vulnerability that received a CVSS 10 severity score

July 4, 2020
in Internet Security

F5 Networks, one of the world’s largest providers of enterprise networking gear, has published a security advisory this week warning customers to patch a dangerous security flaw that is very likely to be exploited.

The vulnerability impacts the company’s BIG-IP product. These are multi-purpose networking devices that can work as web traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

BIG-IP is one of the most popular networking products in use today. The devices are used in government networks all over the globe, on the networks of internet service providers, inside cloud computing data centers, and widely across enterprise networks.

On its website, F5 says its BIG-IP devices are used on the networks of 48 companies included in the Fortune 50 list.

CVE-2020-5902

Tracked as CVE-2020-5902, the BIG-IP bug was found and privately reported to F5 by Mikhail Klyuchnikov, a security researcher at Positive Technologies.

The bug is a so-called “remote code execution” vulnerability in BIG-IP’s management interface, known as TMUI (Traffic Management User Interface).

Attackers can exploit this bug over the internet to gain access to the TMUI component, which runs on top of a Tomcat server on BIG-IP’s Linux-based operating system.

Hackers don’t need valid credentials to attack devices, and a successful exploit can allow intruders to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code — and eventually lead to attackers gaining full control over the BIG-IP device.

The vulnerability is so dangerous that it received the rare 10 out of 10 score on the CVSSv3 vulnerability severity scale. This score means the security bug is easy to exploit and automate, can be used over the internet, and doesn’t require valid credentials or advanced coding skills to take advantage of.

As a coincidence, this was the second 10/10 CVSS bug in a networking device disclosed this week, after a similar critical bug was revealed to impact Palo Alto Networks VPN and firewall devices on Monday.

Need for urgent patching

US Cyber Command issued a warning to the private and government sector this week to patch the Palo Alto bug — as they expected that foreign state hackers would attempt to exploit the vulnerability.

No official warning was issued by a US cyber-security agency, but the F5 bug is no less severe and just as dangerous as the Palo Alto one.

“The urgency of patching this [bug] cannot be understated,” Nate Warfield, a former F5 Networks engineer and currently a security researcher at Microsoft, said on Twitter this week.

“A common use of their technology is SSL offloading,” he added. “Full compromise of a system could, in theory, allow someone to snoop on unencrypted traffic inside the device.

“Their [management] OS is Linux based, and like most ADCs (application delivery controllers), they are deployed in core, high-access parts of networks.”

Currently, according to a Shodan search, there are around 8,400 BIG-IP devices connected online.

At the time of writing, several companies and security researchers in the cyber-security community have told ZDNet that they have not detected any attacks targeting these devices, but they fully expect attacks to begin soon, especially if proof-of-concept exploit code is shared publicly online.

The F5 security advisory for the CVE-2020-5902 BIG-IP TMUI RCE is available here, with information on vulnerable firmware versions and patches.


Credit: ZDNet
