Hackers actively exploit high-severity network vulnerabilities

Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks managed by Fortune 500 companies and government organizations.

The more serious of the two is a critical vulnerability in the F5 BIG-IP advanced delivery controller, a device that is typically placed between a perimeter firewall and a web application to handle load balancing and other tasks. The vulnerability, which F5 patched three weeks ago, allows unauthenticated attackers to remotely execute commands or code of their choice. Attackers can then use their control of the device to take over the internal network to which it is connected.

Prescient

The presence of a remote code execution flaw on a device located in such a sensitive part of a network earned the vulnerability a maximum severity rating of 10. Immediately after F5 released a patch on June 30, security professionals predicted that the flaw, tracked as CVE-2020-5902, would be exploited against any vulnerable networks that did not quickly install the update. On Friday, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory bearing out those prophetic warnings.

“CISA has conducted incident response engagements at commercial and US government entities where malicious cyber threat actors have exploited CVE-2020-5902, an RCE vulnerability in the BIG-IP Traffic Management User Interface (TMUI), to take control of victim systems,” the advisory stated.

Officials continued:

CISA has observed scanning and reconnaissance, as well as confirmed compromises, within days of F5’s release of the patch for this vulnerability. Since July 6, 2020, CISA has seen broad scanning activity probing for the presence of this vulnerability across federal departments and agencies; this activity is ongoing as of the publication of this Alert.

CISA has been working with various entities across multiple sectors to investigate potential compromises related to this vulnerability. CISA has confirmed two compromises and continues to investigate. CISA will update this alert with any additional actionable information.

Et tu, Cisco?

Attackers are also exploiting a second vulnerability, found in two network products sold by Cisco. Tracked as CVE-2020-3452, the path traversal flaw resides in the company’s Adaptive Security Appliance and Firepower Threat Defense software. It allows unauthenticated attackers to remotely read sensitive files that, among other things, can reveal WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs. Cisco released a patch on Wednesday. A day later, the company updated its advisory.

“Cisco has become aware of the availability of public exploit code and active exploitation of the vulnerability described in this advisory,” the update said. “Cisco encourages customers with affected products to upgrade to a fixed version as soon as possible.”

Proof-of-concept code began circulating almost immediately after Cisco issued the fix, triggering a race between attackers and defenders.

The impact of these vulnerabilities, particularly the one affecting F5 customers, is severe. These in-the-wild attacks give any IT administrator who has not yet patched vulnerable systems ample reason to spend the weekend doing so.