Following the release of the Security Advisory and Proof-of-Concept for the critical remote code execution (RCE) vulnerability found in F5’s BIG-IP products, threat actors have been observed leveraging unpatched and vulnerable devices to gain full control of an affected system.
Tracked as CVE-2020-5902, the flaw can allow a remote attacker to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication and perform remote code execution. Successful exploitation can allow attackers to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code that can lead to attackers gaining full control over the BIG-IP devices.
Affected versions: BIG-IP 11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, and 15.1.x
CERT-PH recommends the following actions be taken:
Immediately apply and test the patch on affected devices, updating each to its corresponding patched version.
For further mitigation procedures, follow the detailed instructions on the recommended actions provided by F5 Networks, Inc.