Active Hackers Exploit F5 BIG-IP Flaw

Active Hackers Exploit F5 BIG-IP Flaw

Threat actors have begun exploiting a significant flaw in F5’s BIG-IP modules after information on a workable vulnerability was made publicly available.

Unauthenticated hackers can use the CVE-2020-1388 major vulnerability to run “arbitrary system commands, create or destroy files, or disable services” on its BIG-IP platforms. F5 has published patches and mitigation approaches to protect BIG-IP iControl modules linked to the Representational State Transfer (REST) authentication component. If vulnerabilities aren’t patched, a hacker can use them to run commands with root system rights.

The purpose of this endpoint is to provide an interface for running user-supplied input as a root-level bash command.

Read More:

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.