About Bechtle
Newsroom
IT Solutions
2020
Critical vulnerability in F5 Big IP security systems allows the execution of arbitrary code – This is how to act
IT Solutions - Jul 13, 2020

Critical vulnerability in F5 Big IP security systems allows the execution of arbitrary code - This is how to act.

by Charles Kionga

F5 Networks has announced a critical vulnerability in security systems that are frequently used by customers in the DMZ. Successful exploitation of this vulnerability enables attackers to run arbitrary code with administrator rights on the target system. The code is simply sent as a specially formatted query to the Traffic Management User Interface without the need for any previous authentication.

Written by

Charles Kionga
Principal Consultant Geschäftsbereichsleitung IT-Security

E-Mail: Charles.Kionga@bechtle.com

The Traffic Management User Interface (TMUI), also known as Configuration Utility, is susceptible to a Remote Code Execution Vulnerability (CVE-2020-5902). Proof-of-concept exploit codes are already making the rounds which means the vulnerability has already been exploited. There is, therefore, an urgent need to take action.

Which systems are affected?

The vulnerability affects all Big-IP systems up to and including version 15.x. Version 16.x is not affected.

      

Product

Ver.

Vulnerable versions

Resolved in

Criticality

CVSSv3 score

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, AWAF, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

16.xNone16.0.0

Not vulnerable

None

15.x15.0.0 - 15.1.015.1.0.4

Critical

10.0
14.x14.1.0 - 14.1.214.1.2.6
13.x13.1.0 - 13.1.313.1.3.4
12.x12.1.0 - 12.1.512.1.5.2
11.x11.6.1 - 11.6.511.6.5.2

How can you protect yourself?

Install the corresponding security updates as soon as possible.

If the Traffic Management User Interface could be accessed from the internet, there is a very high probability that the system has already been compromised. The F5 Knowledge Base article about this vulnerability (Indications of Compromise) provides additional information on how to detect a compromise. If there is any uncertainty, the affected system should be reset. More information can be found in the F5 article Considerations and guidance when you suspect a security compromise on a BIG-IP system.

 IT-Security @Bechtle       Holistic security strategies

Share this page

Facebook Bechtle LinkedIn Bechtle Mail Bechtle WhatsApp Bechtle XING Bechtle
This post was published on Jul 13, 2020.

Promotion

Zero Day Protection

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

Promotion

Perimeter Security – Cisco

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

Promotion

Zero Day Protection

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

Promotion

Zero Day Protection

Endpoint Security bedeutet den Schutz aller Geräte, die in der Hand der Endanwender liegen. Das sind PCs, Macs, Linux-Rechner oder die verschiedensten Mobilgeräte.

 

IT & Cyber Security ▷ Bechtle protects your company

IT & Cyber Security: For an all-round protection package for every entrepreneur ➥ SIEM ✓ Machine Learning ✓ Forensic Tools ✓ Find out more now at Bechtle.

Promotion

Zero Day Protection

Hacker nutzen zunehmend raffinierte Methoden, um in Unternehmensnetzwerke einzudringen. In jüngster Vergangenheit wurden Malware eingeschleust, Systeme verschlüsselt und anschließend Lösegeld gefordert. Lösegelderpressung ist das neue lukrative Geschäftsmodell der Entwickler von „Ransomware“.

Promotion

Zero Day Protection

Endpoint Security bedeutet den Schutz aller Geräte, die in der Hand der Endanwender liegen. Das sind PCs, Macs, Linux-Rechner oder die verschiedensten Mobilgeräte.

 

Two-factor authentication

Promotion

Endpoint Security – Cisco

Endpoint Security bedeutet den Schutz aller Geräte, die in der Hand der Endanwender liegen. Das sind PCs, Macs, Linux-Rechner oder die verschiedensten Mobilgeräte.

 

Infrastructure & Perimeter Security ▷ Securing corporate infrastructure

Infrastructure Security ➥ For network security and corporate infrastructure security ✓ IT Perimeter Security ✓ View Bechtle's services now

Promotion

CyberArk security solutions | Reliable protection

Protect sensitive business data with CyberArk security solutions ➥ A reliable expert in the protection of user accounts.

 

Application Security ▷ Security Solutions from Bechtle

Application Security ➠ Fully protect critical enterprise applications ✔ Web Application Firewalls ✔ Learn more!

 

IT security ▷ Protect your business against threats

IT security – Equip yourself with Bechtle’s holistic security offering to protect against threats ➥ Secure your business ✓ Protect yourself today.

Promotion

Proofpoint cybersecurity solutions | Cybersecurity

Proofpoint cybersecurity solutions Protect your employees and enterprise against targeted threats and compliance risks.

Promotion

Mimecast e-mail security | Software solutions

Mimecast software solutions ✔ E-mail security with cloud suite ✔ Become an expert with Bechtle ✔ Find out more with Bechtle.

Promotion

cyber-crime

Die richtigen Bausteine für Ihre Security-Strategie. Erpresserische Ransomware sorgt immer wieder dafür, dass IT-Security in die Schlagzeilen kommt. Andere Cyberbedrohungen dagegen treten in der Öffentlichkeit weniger in Erscheinung – und können trotzdem viel gefährlicher sein.

 

 

Workplace Security ▷ Security solutions from Bechtle

Companies are working more and more mobile, with employee smartphones and laptops. ➥ We show you how to master the Workplace Security challenge.

Blog

PAM for endpoints.

PAM is a secure and very flexible way to manage highly granular access rights.

Blog

Critical infrastructures – A focus on IT security

Cybersecurity is a defining topic for politics, society, administration and companies. This is also because cyber criminals often target critical infrastructures (KRITIS). Find out what these are, what is about to change and how Bechtle can support critical organisations here.

 

NetApp ONTAP Data Management | The ultimate ransomware solution

Protect your business from costly ransomware attacks with CryptoSpike – Specially designed for NetApp ONTAP storage systems. Learn more!

Promotion

WithSecure Elements | The platform for all your security needs

Want to manage all your security needs from a single console? WithSecure Elements gives you the simple, flexible and clear solutions. Find out more at Bechtle now!

Promotion

Rubrik – The next frontier in cybersecurity is data security

Keep your data secure, monitor data risk, and quickly recover your data, wherever it lives with Rubrik Security Cloud. LEARN MORE >

Promotion

Barracuda –The world’s most comprehensive and simple e-mail protection

Barracuda E-mail Protection offers end-to-end defence against all types of e-mail borne threats—from spam and ransomware to social engineering.

 

Udo Stiefvater

Udo Stiefvater has been Managing Director of the Bechtle IT system house in Freiburg since 1999. Among other things, from 2005 onwards, he built up the data protection and information security department and established it as a supplement to the IT security team.

O