Thousands of Exposed F5 BIG-IP Instances Vulnerable to Critical RCE Attacks
F5 BIG-IP APM Instances Vulnerable to Remote Code Execution Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) recently added a high-severity vulnerability in F5’s BIG-IP APM product, which affects more than 14,000 instances, to its list of actively exploited flaws.
According to F5, the vulnerability was first disclosed in October but has now been re-categorized due to new information obtained in March.
Risks Associated with Unpatched Systems
Attackers can exploit the vulnerability to gain remote code execution on unpatched systems with access policies configured on a virtual server, potentially leading to breaches and data theft.
Mitigation Steps
- Check disk logs, terminal history, and configuration backups for signs of malicious activity.
- Rebuild affected systems from scratch if possible, as user configuration set (UCS) backups may have been created after the compromise occurred.
Recommendations
F5 advises organizations to prioritize patching their BIG-IP APM instances and to take proactive measures to prevent potential breaches, given the severity of this issue and previous attacks on similar vulnerabilities.
