Critical F5 BIG-IP Vulnerability under Active Attack

10
Critical F5 BIG-IP Vulnerability under Active Attack

Cybersecurity firm NCC Group has detected successful in the wild exploitation of a recently patched critical flaw in F5 BIG-IP and BIG-IQ networking devices.

The exploitation attempts started earlier last week, with mass scanning activity detected by NCC Group and Bad Packets. The unauthenticated, remote command execution vulnerability – CVE-2021-22986 – could allow threat actors to take complete control over a vulnerable system.

The US Cybersecurity and Infrastructure Agency has urged organizations using BIG-IQ and BIG-IP to fix the critical F5 flaw, along with another vulnerability being tracked as CVE-2021-22987.

To Read More: ThreatPost