Enterprise security provider F5 has disclosed details of a critical vulnerability affecting their BIG-IP systems used by governments and global enterprises.
The flaw in the Traffic Management User Interface of the BIG-IP Application Delivery Controller allows an unauthenticated attacker to perform remote code execution. The vulnerability ( CVE-2020-5902) is rated the top CVSS rating of 10/10 because, according to F5:
All information present on an infiltrated system should be considered compromised. This includes, but is not limited to, logs, configurations, credentials, and digital certificates.
Full details of the vulnerability and how to remediate it are detailed on the F5 Website.
The urgency of this vulnerability makes it an interesting case study for network managers to consider how they could respond to a similar vulnerability that impacts their own network. US Cyber Command took to Twitter to advise affected organisation: “patching CVE-2020-5902 and 5903 should not be postponed over the weekend. Remediate immediately.” This is really one of the rare cases where security teams need to: drop everything and deal with it right now.
Even though F5 recommends that public access to management interfaces is blocked as a matter of best practice, over 8000 devices were visible on the internet through Shodan searches according to researchers when the vulnerability was first published.
“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”
Aim Ltd Chief Technology Officer (CTO)