The Critical F5 BIG-IP Vulnerability

A huge and critical vulnerability broke this week making headlines across cyber news sites. Why is this vulnerability worse than any of the others? Haven’t we seen it all by now?

In case you are wondering what the F5 BIG-IP device actually is, it is a family of products covering hardware and software from American technology company F5, specializing in application security, multi-cloud management, online fraud prevention, application delivery networking (ADN), application availability & performance, network security, and access & authorization. So pretty vital stuff. 

F5 released the CVE publicly so that companies could immediately patch the issue, a bug that allows remote attackers to execute commands on BIG-IP network devices as ‘root’ without authentication. Unavoidably, threat actors saw it too and began to take advantage of the bug on those who weren’t quick enough to patch it. 

Most of the known attacks involved entering networks and dropping webshells (malicious scripts that enable threat actors to compromise web servers and launch additional attacks) or stealing SSH keys or enumerating system information. The SANS Internet Storm Center (ISC), whose work involves monitoring current online security attacks and publishing information about them, discovered two major attacks that ran the ‘rm -rf /*’ linux command on two unpatched BIG-IP devices- rendering the devices unusable. [‘rm -rf /*’ is a powerful command used to force deletion of files and non-empty directories.]

Advice from F5 includes:

  • Update to a fixed version of BIG-IP or implement one of the mitigations detailed in the security advisory
  • Never expose your BIG-IP management interface (TMUI) to the internet 
  • Ensure access controls are properly in place to limit access  

For those affected by attacks on their BIG-IP devices, F5 told BleepingComputer.com that their Security Incident Response Team is available 24 hours a day, seven days a week, and can be contacted at (888) 882-7535, (800) 11-275-435, or online. 

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days