Cybersecurity firm NCC Group has detected successful in the wild exploitation of a recently patched critical flaw in F5 BIG-IP and BIG-IQ networking devices.
The exploitation attempts started earlier last week, with mass scanning activity detected by NCC Group and Bad Packets. The unauthenticated, remote command execution vulnerability – CVE-2021-22986 – could allow threat actors to take complete control over a vulnerable system.
The US Cybersecurity and Infrastructure Agency has urged organizations using BIG-IQ and BIG-IP to fix the critical F5 flaw, along with another vulnerability being tracked as CVE-2021-22987.
To Read More: ThreatPost
