Serviceteam IT Security News

Security experts are urging F5 customers to patch a critical vulnerability in the vendor’s BIG-IP and BIG-IQ networking products after warning of mass exploitation attempts in the wild.

CVE-2021-22986 is a flaw in the products’ REST-based iControl management interface which could allow for authentication bypass and remote code execution.

With a CVSS rating of 9.8, it was patched on March 10 along with several other bugs that could be chained in attacks. These are: CVE-2021-22987, CVE-2021-22988, CVE-2021-22989 and CVE-2021-22990.

Although no public exploit was known at the time of patching, a week later researchers began to post PoC code online after reverse engineering an F5 patch.

NCC Group warned on Friday that, because the REST API in question is designed to facilitate remote administration, an attacker could choose which of an organization’s multiple endpoints to target.

“Starting this week and especially in the last 24 hours (March 18th, 2021) we have observed multiple exploitation attempts against our honeypot infrastructure. This knowledge, combined with having reproduced the full exploit-chain we assess that a public exploit is likely to be available in the public domain soon,” it said.

“NCC Group believes it is in the best interests of all to release our internal notes and detection logic to prevent further harm once public exploits become available.”

Networking firm F5 serves some of the world’s biggest organizations, including tech and financial services giants, so both state actors and financially motivated cyber-criminals will be keen to probe for unpatched endpoints.

The US Cybersecurity and Infrastructure Security Agency (CISA) has already sounded the alarm, urging customers to patch the issue promptly.

However, as we’ve seen with the recent Exchange Server attacks, many organizations are finding it challenging to fix or mitigate issues quickly, even if official updates are available.

Vdoo CTO, Asaf Karas, argued that the threat landscape for connected products has become complicated and multi-dimensional.

“Networking devices such as load balancers and access gateways are desirable targets for threat actors, as they’re used to control the traffic in and out of large corporate networks, government agencies, data centers and across ISP infrastructure,” he added.

“Once inside the network, attackers can move laterally to take control of critical resources and data.”

Source: Infosecurity Magazine
