
F5 Networks, one of the world's largest providers of enterprise networking gear, has published a security advisory this week warning customers to patch a dangerous security flaw that is very likely to be exploited.

The vulnerability impacts the company's BIG-IP product. These are multi-purpose networking devices that can work as web traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

BIG-IP is one of the most popular networking products in use today. The devices are used in government networks all over the globe, on the networks of internet service providers, inside cloud computing data centers, and widely across enterprise networks.

On its website[1], F5 says its BIG-IP devices are used on the networks of 48 companies included in the Fortune 50 list.

CVE-2020-5902

Tracked as CVE-2020-5902, the BIG-IP bug was found and privately reported to F5 by Mikhail Klyuchnikov[2], a security researcher at Positive Technologies.

The bug is a so-called "remote code execution" vulnerability in BIG-IP's management interface, known as TMUI (Traffic Management User Interface).

Attackers can exploit this bug over the internet to gain access to the TMUI component, which runs on top of a Tomcat server on BIG-IP's Linux-based operating system.

Hackers don't need valid credentials to attack devices, and a successful exploit can allow intruders to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code, eventually leading to attackers gaining full control over the BIG-IP device.

The vulnerability is so dangerous that it received the rare 10 out of 10 score on the CVSSv3 vulnerability severity scale. This score means the security bug is easy to exploit and automate, can be used over the internet, and doesn't require valid credentials or advanced coding skills to take advantage of.
