How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?

How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?

The security organization named F5 released a security patch after 10 days for the vulnerabilities present in BIG-IP and BIG-IG products, which authorize and started the scanning and targeting the unsecured devices and infect the network of organizations.

However, this news comes out after the proof-of-concept code was published this week. These mass scans are started on March 18 using the reverse-engineering and the Java software patch present in BIG-IP.

Which Vulnerabilities Hacker Misused?

How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?

The vulnerabilities present in BIG-IP version 11.6 or 12.x is new and in a critical state that uses remote code execution, identified as CVE-2021-22986 that also impact another version of BIG-IQ 6.x and 7.x which are identified as CVE-2021-22986 which is not authorized and permits the attackers to execute the arbitrary commands while creating or deleting the files and disabling the services without the user authentication.

This type of exploitation may give complete control to the infected systems and they also have the possibility that remote code execution is triggered and may lead to the DoS attack.

Whereas, the organization F5 said that they were not aware of this issue and after the investigation, they found some evidence that was related to full chain exploitation of F5 BIG-IP or BIG-IQ iControl REST API vulnerabilities noted as CVE-2021-22986 while waking the multiple exploitations that used in against the honeypot infrastructure.

The researchers said that they discovered several chances that the malware is trying to installing its variant into the infected systems as Mirai botnet and it is still not clear that these attacks are successfully executed or not.

As the BIG-IP and BIG-IQ are getting popular in private as well as in the government sector, then it is very obvious that why the hackers are targeting the same organization a second time in a year.

Summering Up

However, in July the company also discovered a similar issue named CVE-2020-5902 that is executed by the Chinese and Iranian state-sponsored hacking group. The attack was identified by CISA and they also issue an alert message that states this scanning activity happens by using these vulnerabilities present in federal departments and organizations.

All of that is this flaw affects all the BIG-IP and BIG-IQ users and customers and the organization also requests all the users to update the security patch that fixed these vulnerabilities asap.

Leave a Reply