Threat actors have begun exploiting a significant flaw in F5’s BIG-IP modules after information on a workable vulnerability was made publicly available.
Unauthenticated hackers can use the major vulnerability, tracked as CVE-2020-1388, to run “arbitrary system commands, create or destroy files, or disable services” on BIG-IP platforms. F5 has published patches and mitigation approaches to protect the BIG-IP iControl modules linked to the Representational State Transfer (REST) authentication component. If the vulnerability isn’t patched, a hacker can use it to run commands with root system rights.
The purpose of this endpoint is to provide an interface for running user-supplied input as a root-level bash command.
Read More: https://threatpost.com/exploit-f5-big-ip-bug/179563/