F5 Networks BIG-IP flaw is the latest to be exploited by hackers

Researchers identify ‘full chain exploitation’ targeting one of the seven now-patched remote code-execution flaws

Hackers are scanning the web for exposed and unpatched networking devices that fall under F5 Networks’ BIG-IP family of hardware and software products to gain access to vulnerable corporate networks.

A fortnight ago, F5 warned users about seven remote code execution vulnerabilities in its BIG-IP products, including four that were rated ‘critical’. Although fixes were released, researchers with NCC Group have now found evidence that cyber criminals have deployed a full chain exploitation against one of these flaws, tracked as CVE-2021-22986.

The remote code execution flaw, rated 9.8 on the CVSS threat severity scale, lies in the iControl REST interface for the BIG-IP family, and also affects the firm’s BIG-IQ products. Attackers are exploiting the vulnerability to execute arbitrary commands, create and delete files as well as disable services without authentication.

This was the second most severe bug that F5 patched after the 9.9-rated CVE-2021-22987, which manifested in the traffic management user interface (TMUI) when running BIG-IP in Appliance Mode.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

“We strongly recommend that all customers update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible - this is the only way to fully address the vulnerabilities,” said F5 Networks’ SVP and GM for the Application Delivery Controller (ADC) business unit, Kara Spraque. 

“If you cannot update your systems immediately, we advise you to apply any additional mitigation recommendations detailed in the security advisories while developing a plan to complete the updates.” 

This is the 16th actively-exploited vulnerability identified in 2021, joining an expanding list that includes three vulnerabilities in Google Chrome, as well as four Microsoft Exchange Server flaws that devastated a string of businesses.

The discovery of this full chain exploitation follows several proofs-of-concept for exploitation methods against the F5 Networks vulnerability.

Over the last few days, NCC Group has detected a rise in scanning activity, and multiple exploitation attempts against honeypot infrastructure that researchers had set up to monitor malicious activity. This knowledge has led them to believe that a public exploit is likely to be in the public domain very shortly.

Researchers with Unit 42, meanwhile, have seen evidence that a variant of the Mirai botnet has attempted to exploit CVE-2021-22986, as well as CVE-2020-28188, a remote code execution flaw in the TerraMaster operating system for storage appliances. This latter was discovered last year.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021