News Cybercriminals try to steal administrator passwords from F5 BIG-IP devices


Jun 28, 2020
Reaction score
Attackers began to exploit the vulnerability in F5 BIG-IP three days after its disclosure.


NCC Group security researcher Rich Warren has documented a series of cyber attacks on F5 BIG-IP network devices. According to the expert, attackers exploit a vulnerability in the configuration interface of the popular BIG-IP application delivery controller in order to steal administrator passwords from hacked devices.

These devices are one of the most popular network products and are used to support some major global networks. BIG-IP devices are used in government networks, in the networks of Internet service providers, in cloud computing data centers and are widely used in corporate networks.

Earlier, Positive Technologies specialist Mikhail Klyuchnikov identified a critical vulnerability (CVE-2020-5902) of remote code execution in BIG-IP devices. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. The problem received a maximum score of 10 on the CVSSv3 scale.

Two days after F5 Networks released a fix for this problem, security researchers began to actively publish PoC codes to exploit the vulnerability.

According to Warren, who used BIG-IP handles (servers that simulate BIG-IP devices), he recorded malicious attacks from five different IP addresses.
Top Bottom