Saturday, June 22, 2024

Critical RCE Flaw with F5 Let Remote Attackers Take Complete Control of the Device

Critical security vulnerabilities discovered with the F5 BIG-IP application delivery controller (ADC) let remote attackers to run commands and to compromise the system.

The BIG-IP application delivery controller (ADC) use to handle application traffic and secure your infrastructure.

Based on Shodan search more than 8,000 vulnerable devices available from the internet in the world, more than 40% from the united states, 16% in China, 3% in Taiwan, and 2.5% in Canada and Indonesia.

F5 BIG-IP Vulnerability

F5 BIG-IP Vulnerability

The vulnerability with the BIG-IP application delivery controller (ADC) was found by Positive Technologies researchers.

It allows a remote attacker to completely compromise the system and to intercept controller application traffic.

CVE-2020-5902 (CVSS score of 10)

This vulnerability poses the highest risk, it can be exploited by an attacker by sending a specifically crafted HTTP request to the server hosting the traffic management control utility (TMUI) for BIG-IP configuration.

“By exploiting this vulnerability, a remote attacker with access to the BIG-IP configuration utility could, without authorization, perform remote code execution (RCE1). The attacker can create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets, such as the internal network,” said Researcher Mikhail Klyuchnikov.

CVE-2020-5903 (CVSS score of 7.5)

F5 also fixed XSS vulnerability that allows attackers to run running malicious JavaScript code as the logged-in user.

If the compromised user is an administrator then it leads to a full compromise of BIG-IP via RCE.

The vulnerabilities may result in full system compromise, it affects the following versions (11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, 15.1.x), if you are running a vulnerable versions users are recommended to update with (,,,,

Rich Warren, a security researcher for the NCC Group spotted that hackers started exploiting the flaw to steal administrator passwords.

Considering the seriousness of vulnerability US Cyber Command urges F5 customers to patch CVE-2020-5902 and CVE-2020-5903 immediately.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Cisco, Palo Alto, F5 Networks VPN apps Vulnerabilities let Hackers to Control the Enterprise Internal Network


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles