• Major F5 exploit has been used to attack and wipe devices

    From TechnologyDaily@1337:1/100 to All on Wed May 11 13:15:03 2022
    Major F5 exploit has been used to attack and wipe devices

    Date:
    Wed, 11 May 2022 12:08:48 +0000

    Description:
    Most attackers would rather benefit from the flaw than wreak simple havoc.

    FULL STORY ======================================================================

    Following the recent discovery of a super-high-severity vulnerability
    plaguing F5's BIG-IP endpoints, experts have now discovered that some threat actors are already abusing the flaw to try to completely wipe affected devices, adding further credence to their warnings.

    Security researchers from SANS Internet Storm Center said that their
    honeypots received two attacks from a single IP address, both trying to execute the rm -rf /* command on the target endpoint.

    This command erases all of the files found on the system, including configuration files needed for the device to function properly.

    Rare occurrences

    These findings were also confirmed by a third party, as security researcher Kevin Beaumont took to Twitter to say: "Can confirm. Real world devices are being erased this evening, lots on Shodan have stopped responding."

    Even though this probably won't be much of a comfort, the attacks don't seem to be that widespread. Instead, the majority of threat actors are more
    interested in the benefit they can extract from this vulnerability, rather than wreaking havoc.

    Other cybersecurity firms, such as Bad Packets or GreyNoise, told the publication that most attacks coming into their honeypots are webshell
    drops, config exfiltration, or attempts to create admin accounts on the
    target endpoint.

    F5 knows about the attacks, the publication confirmed, and urged admins not to expose BIG-IP management interfaces to the Internet.

    The flaw is tracked as CVE-2022-1388 and carries a severity rating of 9.8/10. The affected devices are used by 48 members of the Fortune 50 group of companies, with around 16,000 endpoints discoverable online. As
    these devices are used to manage web server traffic, they can often see the decrypted contents of HTTPS-protected traffic, adding an extra level of threat.

    The flaw in question revolves around the way admins confirm their identities when logging into iControl REST, a programming interface used to manage
    BIG-IP gear. In other words, people can pretend to be an admin, allowing them to run commands on different endpoints.

    Patches, as well as workarounds, are already available.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/major-f5-exploit-has-been-used-to-attack-and-wipe-devices/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)