Monday, March 17, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityCritical RCE Flaw with F5 Let Remote Attackers Take Complete Control of...

Critical RCE Flaw with F5 Let Remote Attackers Take Complete Control of the Device

CVE/vulnerability

Published on

By Gurubaran
F5 BIG-IP Vulnerability

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Critical security vulnerabilities discovered with the F5 BIG-IP application delivery controller (ADC) let remote attackers to run commands and to compromise the system.

The BIG-IP application delivery controller (ADC) use to handle application traffic and secure your infrastructure.

Based on Shodan search more than 8,000 vulnerable devices available from the internet in the world, more than 40% from the united states, 16% in China, 3% in Taiwan, and 2.5% in Canada and Indonesia.

F5 BIG-IP Vulnerability

F5 BIG-IP Vulnerability

The vulnerability with the BIG-IP application delivery controller (ADC) was found by Positive Technologies researchers.

It allows a remote attacker to completely compromise the system and to intercept controller application traffic.

CVE-2020-5902 (CVSS score of 10)

This vulnerability poses the highest risk, it can be exploited by an attacker by sending a specifically crafted HTTP request to the server hosting the traffic management control utility (TMUI) for BIG-IP configuration.

“By exploiting this vulnerability, a remote attacker with access to the BIG-IP configuration utility could, without authorization, perform remote code execution (RCE1). The attacker can create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets, such as the internal network,” said Researcher Mikhail Klyuchnikov.

CVE-2020-5903 (CVSS score of 7.5)

F5 also fixed XSS vulnerability that allows attackers to run running malicious JavaScript code as the logged-in user.

If the compromised user is an administrator then it leads to a full compromise of BIG-IP via RCE.

The vulnerabilities may result in full system compromise, it affects the following versions (11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, 15.1.x), if you are running a vulnerable versions users are recommended to update with (11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, 15.1.0.4).

Rich Warren, a security researcher for the NCC Group spotted that hackers started exploiting the flaw to steal administrator passwords.

Considering the seriousness of vulnerability US Cyber Command urges F5 customers to patch CVE-2020-5902 and CVE-2020-5903 immediately.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Cisco, Palo Alto, F5 Networks VPN apps Vulnerabilities let Hackers to Control the Enterprise Internal Network

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

AI

AI Operator Agents Helping Hackers Generate Malicious Code

Symantec's Threat Hunter Team has demonstrated how AI agents like OpenAI's Operator can now...
cyber security

BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months

In a concerning escalation of cyber threats, the BlackLock ransomware group has executed a...
Android

Android Malware Disguised as DeepSeek Steals Users’ Login Credentials

A recent cybersecurity threat has emerged in the form of Android malware masquerading as...
cyber security

Millions of RSA Keys Exposed, Revealing Serious Exploitable Flaws

A recent study has highlighted a significant vulnerability in RSA keys used across the...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

CVE/vulnerability

ManageEngine Analytics Vulnerability Enables User Account Takeover

A significant security vulnerability has been identified in ManageEngine's Analytics Plus on-premise solution, affecting...
CVE/vulnerability

Hackers Exploit Tomcat Vulnerability to Hijack Apache Servers

A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache...
CVE/vulnerability

Adobe Acrobat Vulnerabilities Enable Remote Code Execution

A recent disclosure by Cisco Talos' Vulnerability Discovery & Research team highlighted several vulnerability...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved