{"id":1377,"date":"2021-03-22T18:16:43","date_gmt":"2021-03-22T12:46:43","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1377"},"modified":"2021-06-07T11:10:30","modified_gmt":"2021-06-07T05:40:30","slug":"how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/","title":{"rendered":"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">The security company F5 released a security patch after 10 days for the vulnerabilities present in its BIG-IP and BIG-IQ products, and attackers have started scanning for and targeting unsecured devices to infect organizations' networks.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">This news comes after proof-of-concept code was published this week. The mass scans started on March 18, using reverse-engineering of the Java software patch present in BIG-IP.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Which Vulnerabilities Did Hackers Misuse?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"728\" height=\"298\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/f5-big-ip-vulnerbality-exploited-image.jpg\" alt=\"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?\" class=\"wp-image-1378\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/f5-big-ip-vulnerbality-exploited-image.jpg 728w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/f5-big-ip-vulnerbality-exploited-image-300x123.jpg 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">The vulnerability present in BIG-IP version 11.6 or 12.x is new and critical, and it allows remote code
execution, identified as CVE-2021-22986, which also impacts BIG-IQ versions 6.x and 7.x. The flaw requires no authentication and permits attackers to execute arbitrary commands, create or delete files, and disable services.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">This type of exploitation may give an attacker complete control of the infected systems; it is also possible that remote code execution is triggered and leads to a DoS attack.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">F5 said that it was not aware of this issue, and after an investigation it found evidence of full-chain exploitation of the F5 BIG-IP or BIG-IQ iControl REST API vulnerabilities noted as CVE-2021-22986, in the wake of multiple exploitations against honeypot infrastructure.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">The researchers said that they discovered several attempts to install a variant of the Mirai botnet malware on the infected systems, and it is still not clear whether these attacks were executed successfully.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">As BIG-IP and BIG-IQ are becoming popular in the private as well as the government sector, it is obvious why hackers are targeting the same organization a second time in a year.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Summing Up<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">In July, the company also discovered a similar issue, CVE-2020-5902, which was exploited by Chinese and Iranian state-sponsored hacking groups.
The attack was identified by CISA, which also issued an alert stating that this scanning activity used these vulnerabilities present in federal departments and organizations.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">In short, this flaw affects all BIG-IP and BIG-IQ users and customers, and the organization requests that all users apply the security patch that fixes these vulnerabilities as soon as possible.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The security organization named F5 released a security patch after 10 days for the vulnerabilities present in BIG-IP and BIG-IQ products, which authorize and started the scanning and targeting the unsecured devices and infect the network of organizations. However, this news comes out after the proof-of-concept code was published this week. These mass scans are [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1379,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online? - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?
- Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The security organization named F5 released a security patch after 10 days for the vulnerabilities present in BIG-IP and BIG-IQ products, which authorize and started the scanning and targeting the unsecured devices and infect the network of organizations. However, this news comes out after the proof-of-concept code was published this week. These mass scans are [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-22T12:46:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:40:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/f5-big-ip-vulnerbality-exploited-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est.
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?\",\"datePublished\":\"2021-03-22T12:46:43+00:00\",\"dateModified\":\"2021-06-07T05:40:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\"},\"wordCount\":397,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\",\"url\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\",\"name\":\"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online? 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-03-22T12:46:43+00:00\",\"dateModified\":\"2021-06-07T05:40:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online? - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/","og_locale":"en_US","og_type":"article","og_title":"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online? 
- Xiarch Solutions Private Limited","og_description":"The security organization named F5 released a security patch after 10 days for the vulnerabilities present in BIG-IP and BIG-IQ products, which authorize and started the scanning and targeting the unsecured devices and infect the network of organizations. However, this news comes out after the proof-of-concept code was published this week. These mass scans are [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-03-22T12:46:43+00:00","article_modified_time":"2021-06-07T05:40:30+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/f5-big-ip-vulnerbality-exploited-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est.
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?","datePublished":"2021-03-22T12:46:43+00:00","dateModified":"2021-06-07T05:40:30+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/"},"wordCount":397,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/","url":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/","name":"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online? 
- Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-03-22T12:46:43+00:00","dateModified":"2021-06-07T05:40:30+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/how-critical-f5-big-ip-bug-attack-after-the-poc-exploited-online\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How Critical F5 BIG-IP Bug Attack After the PoC Exploited Online?"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1377"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1377"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1377\/revisions"}],"predecessor-version":[{"id":1380,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1377\/revisions\/1380"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1379"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}