IT Security Jul 13, 2020

Critical vulnerability in F5 Big IP security systems allows the execution of arbitrary code - This is how to act.

F5 Networks has announced a critical vulnerability in security systems that are frequently used by customers in the DMZ. Successful exploitation of this vulnerability enables attackers to run arbitrary code with administrator rights on the target system. The code is simply sent as a specially formatted query to the Traffic Management User Interface without the need for any previous authentication.

Share article

Charles Kionga
Principal Consultant Geschäftsbereichsleitung IT-Security

The Traffic Management User Interface (TMUI), also known as Configuration Utility, is susceptible to a Remote Code Execution Vulnerability (CVE-2020-5902). Proof-of-concept exploit codes are already making the rounds which means the vulnerability has already been exploited. There is, therefore, an urgent need to take action.

Which systems are affected?

The vulnerability affects all Big-IP systems up to and including version 15.x. Version 16.x is not affected.

      

Product

Ver.

Vulnerable versions

Resolved in

Criticality

CVSSv3 score

BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, AWAF, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

16.xNone16.0.0

Not vulnerable

None

15.x15.0.0 - 15.1.015.1.0.4

Critical

10.0
14.x14.1.0 - 14.1.214.1.2.6
13.x13.1.0 - 13.1.313.1.3.4
12.x12.1.0 - 12.1.512.1.5.2
11.x11.6.1 - 11.6.511.6.5.2

How can you protect yourself?

Install the corresponding security updates as soon as possible.

If the Traffic Management User Interface could be accessed from the internet, there is a very high probability that the system has already been compromised. The F5 Knowledge Base article about this vulnerability (Indications of Compromise) provides additional information on how to detect a compromise. If there is any uncertainty, the affected system should be reset. More information can be found in the F5 article Considerations and guidance when you suspect a security compromise on a BIG-IP system.