Vulnerabilities in F5 Networks software open the door to hackers
Vulnerabilities in software from network traffic management
and security firm F5 Networks Inc. could allow attackers to exploit F5
customers and steal data.
The vulnerabilities, most of which are patched in new software updates,
were disclosed by F5 on Wednesday. The 29 vulnerabilities span a wide range of
issues, with the highest carrying a Common Vulnerability Scoring System score of
8.8. Thirteen of the 29 were rated high severity.
The 8.8-rated vulnerability, formally designated CVE-2021-23031,
affects BIG-IP Advanced WAF and BIG-IP ASM. It allows an authenticated user to
escalate privileges. Having gained access to the Configuration utility, an
authenticated attacker could execute arbitrary system commands, create or delete
files, or disable services. F5 notes that the vulnerability may result in
complete system compromise.
F5 did warn, though, that because the flaw is exploited by legitimate,
authenticated users, there is no “viable mitigation” short of restricting who can
log in. The fixed releases close the flaw, but on unpatched systems any
authenticated user can still exploit it. The only way to mitigate the risk
without upgrading is to remove Configuration utility access from any user who is
not entirely trusted to have that access in the first place.
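The mitigation F5 describes is an access review: enumerate every account that can reach the Configuration utility and remove the ones you do not fully trust. The script below is an added example, not F5's code or anything from the advisory. It parses text shaped like the output of `tmsh list auth user` (the sample is constructed here, not captured from a device, and the exact stanza layout is an assumption) and reports which accounts, with which roles, fall outside a hypothetical allow list of trusted users.

```python
import re
from typing import Dict, List

# Constructed sample modeled on `tmsh list auth user` output (an assumption
# about the exact layout; password hashes are placeholders).
SAMPLE_TMSH_OUTPUT = """\
auth user admin {
    description admin
    encrypted-password $6$placeholder
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell tmsh
}
auth user ops-reader {
    description "read-only operator"
    encrypted-password $6$placeholder
    partition-access {
        Common {
            role auditor
        }
    }
    shell none
}
auth user contractor {
    description "temporary vendor account"
    encrypted-password $6$placeholder
    partition-access {
        Common {
            role manager
        }
    }
    shell none
}
"""


def parse_auth_users(text: str) -> Dict[str, Dict[str, str]]:
    """Return {username: {partition: role}} from tmsh-style `auth user` stanzas.

    Brace depth is tracked explicitly so nested blocks are handled regardless
    of spacing; only the `partition-access` sub-blocks are interpreted.
    """
    users: Dict[str, Dict[str, str]] = {}
    current = None      # user stanza currently being read
    partition = None    # partition block inside partition-access, if any
    depth = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^auth user (\S+) \{$", line)
        if header and depth == 0:
            current = header.group(1)
            users[current] = {}
            depth = 1
            continue
        if current is None:
            continue
        if line.endswith("{"):
            name = line[:-1].strip()
            if depth == 2:          # direct child of partition-access
                partition = name
            depth += 1
            continue
        if line == "}":
            depth -= 1
            if depth == 2:          # left a partition block
                partition = None
            if depth == 0:          # left the user stanza
                current = None
            continue
        role = re.match(r"^role (\S+)$", line)
        if role and partition is not None:
            users[current][partition] = role.group(1)
    return users


def untrusted_users(text: str, trusted: List[str]) -> Dict[str, Dict[str, str]]:
    """Accounts present on the device but absent from the explicit allow list.

    The allow list is a hypothetical input; the script does not decide who is
    trusted, it only surfaces every account that still needs that decision.
    """
    return {u: roles for u, roles in parse_auth_users(text).items()
            if u not in trusted}


if __name__ == "__main__":
    for user, roles in untrusted_users(SAMPLE_TMSH_OUTPUT, ["admin", "ops-reader"]).items():
        print(f"review: {user} -> {roles}")
```

Feed it the real output of `tmsh list auth user` from each device and a maintained allow list; anything it prints is an account to disable or remove until the upgrade is applied. Remote-authentication roles (LDAP, RADIUS, TACACS+) are configured separately and are not covered by this local-user listing.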
“Since F5’s products are used in many hosting and large
enterprise applications, users should check the F5 advisories to check if their
equipment is vulnerable,” Sean Nikkel, senior cyberthreat intelligence analyst
at digital risk protection service provider Digital Shadows Ltd., told
SiliconANGLE. “Attackers gaining control of any of those listed devices,
specifically the web application firewall, could wreak havoc across an estate.”
With so many high-severity vulnerabilities listed, organizations
must patch them as soon as possible or risk compromise of critical areas of the
infrastructure, Nikkel added. “If it can’t be done, steps should be taken to
mitigate the risk and at least deploy some of the best practice recommendations
from F5, like allowing only trusted, authenticated users to access some of the
applications,” he said.
Jonathan Chua, application security consultant at
application security provider nVisium LLC, noted that F5 BIG-IP has been
targeted by both security researchers and adversaries.
“Several F5 application services can be hosted externally,
allowing any internet user to attempt to connect to the service,” Chua
explained. “Due to the ease of accessibility and the amount of publicly known
vulnerabilities associated with F5 applications, the service becomes a prime
target for adversaries to break into a company’s network via the external
perimeter.”
Yaniv Bar-Dayan, co-founder and chief executive of
software-as-a-service cybersecurity risk remediation company Vulcan Cyber Ltd.,
said that “even though 29 vulnerabilities, with many being high severity,
across several F5 devices may seem like a high number, it is par for the course
for any notable enterprise tech provider and is a relative drop in the bucket
considering the tens of thousands of vulnerabilities disclosed every year.”