MUST READ

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Pierluigi Paganini July 06, 2020

Attackers are already attempting to exploit the recently fixed bug in F5 Networks BIG-IP product, security experts warn.

A few days after the disclosure of the vulnerability in the F5 Networks BIG-IP product threat actors started exploiting it in attacks in the wild. F5 Networks has recently addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product.

The BIG-IP product is an application delivery controller (ADC), it is used by government agencies and major business, including banks, services providers and IT giants like Facebook, Microsoft and Oracle.

F5 Networks says the BIG-IP devices are used on the networks of 48 companies included in the Fortune 50 list.

The vulnerability could be exploited by attackers to gain access to the TMUI component to execute arbitrary system commands, disable services, execute arbitrary Java code, and create or delete files, and potentially take over the BIG-IP device

The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit. The issue could be exploited by sending a specifically crafted HTTP request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.

US Cyber Command is urging organizations using the F5 product to immediately patch their installs.

Unfortunately, the forecast was right, hackers have started targeting F5 BIG-IP equipment exposed online.

Researchers Rich Warren from NCC Group told ZDNet that hackers are attempting to exploit the flaw to steal administrator passwords from the hacked devices.

The attacks began immediately after the US Cyber Command’s alert. The attacks against Warren’s honeypots originated from five different IP addresses.

Experts believe that nation-state actors will likely start exploiting the flaw very soon. To have an idea of the potential impact of the issue, let’s consider thousand of vulnerable devices are exposed online. Researchers from Bad Packers have located 1,832 vulnerable F5 hosts online.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, F5)

[adrotate banner=”5″]

[adrotate banner=”13″]

F5 Networks BIG-IP Hacking hacking news information security news IT Information Security malware Pierluigi Paganini RCE Security Affairs Security News

you might also like

Pierluigi Paganini September 06, 2025
Qantas cuts executive bonuses by 15% after a July data breach
Read more
Pierluigi Paganini September 06, 2025
MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Qantas cuts executive bonuses by 15% after a July data breach

Data Breach / September 06, 2025

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Security / September 06, 2025

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Hacking / September 05, 2025

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

Breaking News / September 05, 2025

SVG files used in hidden malware campaign impersonating Colombian authorities

Malware / September 05, 2025