Urgent: Critical RCE Vulnerability Discovered in F5 Big-IP Platform—Immediate Patching Required!

On March 11, 2021, F5 Networks issued an advisory highlighting four severe vulnerabilities across various products that could lead to denial of service (DoS) attacks and unauthenticated remote code execution on affected networks. The advisory addresses a total of seven related flaws (CVE-2021-22986 through CVE-2021-22992), including two identified by Felix Wilhelm of Google Project Zero in December 2020. The four critical vulnerabilities impact BIG-IP versions 11.6, 12.x, and newer, with a notable pre-auth remote code execution issue (CVE-2021-22986) also affecting BIG-IQ versions 6.x and 7.x. F5 has stated that it is not currently aware of any public exploitation of these vulnerabilities. If successfully exploited, these flaws could lead to complete system compromise, enabling remote code execution and potential buffer overflow, resulting in DoS conditions. Customers are strongly urged to apply updates immediately.

Critical Vulnerability Discovered in F5 Big-IP Platform: Immediate Patching Recommended

On March 11, 2021, F5 Networks, a prominent player in application security, issued an urgent advisory regarding four significant vulnerabilities affecting its Big-IP platform. These security flaws, which span several F5 products, pose severe risks, including the potential for denial-of-service (DoS) attacks and unauthenticated remote code execution, enabling attackers to take control of affected systems without prior authorization.

The vulnerabilities in question are classified under CVE identifiers ranging from CVE-2021-22986 to CVE-2021-22992. Notably, two of these vulnerabilities were identified by Felix Wilhelm from Google’s Project Zero in December 2020. The four critical vulnerabilities specifically impact BIG-IP versions 11.6, 12.x, and newer iterations, and the pre-authentication remote code execution flaw (CVE-2021-22986) extends its reach to the BIG-IQ versions 6.x and 7.x.

F5 has communicated that, as of the advisory’s release, there have been no known public instances of exploitation concerning these vulnerabilities. However, the implications of successfully leveraging these security gaps are severe. Attackers could potentially achieve full system compromise that includes executing arbitrary code remotely. Furthermore, these vulnerabilities could trigger buffer overflows, thereby leading to significant disruptions in service through DoS attacks.

Given the critical nature of these flaws, F5 is urging its customers to promptly apply the patches. The risk of exploitation remains a potent threat, particularly for businesses relying on this infrastructure, as an attacker can use these vulnerabilities for initial access into vulnerable networks.

In terms of cybersecurity tactics, the vulnerabilities align with multiple MITRE ATT&CK techniques. Adversaries could employ methods such as initial access to penetrate defenses, followed by privilege escalation in their efforts to gain control. The potential for exploitation also suggests possibilities of persistence strategies, allowing attackers to maintain access to targeted systems even after initial corrective measures are taken.

As the landscape of cybersecurity threats continues to evolve, staying vigilant against vulnerabilities such as those disclosed by F5 is crucial for business owners. The urgency in addressing this advisory highlights the constant need for proactive measures in enhancing security postures against emerging threats.

Source link

Related Posts

Released ProxyLogon Exploit PoC: A Potential Catalyst for Increased Cyber Attacks

March 11, 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory on Wednesday, highlighting ongoing exploitation of vulnerabilities in Microsoft Exchange on-premises products by both nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal sensitive information, encrypt data for ransom, or conduct destructive attacks,” the agencies stated. They also noted that compromised networks might be sold on the dark web. Recent attacks have mainly targeted local governments, academic institutions, NGOs, and businesses across various sectors such as agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceuticals—consistent with previous activities linked to Chinese cyber threats. Tens of thousands of entities, including the Eur…

Vulnerabilities in Two Major WordPress Plugins Impact Over 7 Million Sites

On March 18, 2021, researchers revealed security flaws in several WordPress plugins, which, if exploited, could enable attackers to execute arbitrary code and potentially take control of affected websites. The vulnerabilities were found in Elementor, a widely-used website builder plugin installed on more than seven million sites, and WP Super Cache, a popular tool for serving cached pages on WordPress. According to Wordfence, which identified the weaknesses in Elementor, the issue involves a series of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4). This occurs when malicious scripts are injected directly into a vulnerable web application. Specifically, the lack of server-side validation for HTML tags allows an attacker to inject executable JavaScript into posts or pages through crafted requests. “Since posts created by contributors are usually reviewed by editors or administrators before publication, any JavaScript added to one of the…

Urgent: High-Severity RCE Vulnerability Discovered in Apache OFBiz ERP Software – Immediate Patch Required

On March 22, 2021, the Apache Software Foundation disclosed a critical vulnerability in Apache OFBiz that poses a significant risk. Tracked as CVE-2021-26295, this flaw allows unauthenticated attackers to potentially take remote control of the open-source enterprise resource planning (ERP) system. It impacts all versions prior to 17.12.06 and involves an “unsafe deserialization” vulnerability that enables remote code execution on susceptible servers.

Apache OFBiz is a Java-based web framework designed for automating various enterprise processes, including accounting, customer relationship management, manufacturing, order management, supply chain fulfillment, and warehouse management. By exploiting this vulnerability, an attacker can manipulate serialized data to introduce arbitrary code. Once deserialized, this code can lead to unauthorized remote execution. It is crucial for users to implement the necessary patches immediately.

Critical Security Flaws Discovered in Netop Remote Learning Software

On March 22, 2021, cybersecurity researchers revealed significant vulnerabilities in the remote student monitoring tool, Netop Vision Pro. These weaknesses could potentially allow attackers to execute arbitrary code and gain control over Windows computers. The McAfee Labs Advanced Threat Research team warned that these vulnerabilities enable privilege escalation and could facilitate full access to students’ devices within the same network. The identified issues, labeled as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-27195, were reported to Netop on December 11, 2020. The Denmark-based company addressed these vulnerabilities in an update (version 9.7.2) released on February 25. According to Netop, this maintenance release resolved several security concerns, including local privilege escalation and transmitting sensitive data in plain text.