Published: September 11, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Earlier this summer, a major security flaw was discovered targeting F5 Networks, the application services titan. F5 Networks discovered the vulnerability affecting its BIG-IP services, used by enterprise networks, governments, internet service providers, and cloud computing data centers. The U.S. CISA (Cybersecurity and Infrastructure Security Agency), among others, released an advisory warning all users regarding an active flaw in the F5 BIG-IP that is leaving them open to attack. There has been an update for over two months, yet many companies have not applied the fix.
More specifically, the flaw affects the BIG-IP Traffic Management User Interface. The vulnerability, known as CVE-2020-5902, received a critical severity rating of 10.0, the highest severity score. Left unpatched, it means a remote bad actor can take control of target systems to execute arbitrary codes. Enterprise targets are subject to disabled services, intercepting information, creating and deleting files, and other commands, as well as infecting other devices on the network. At this point, all enterprise CEO’s and IT services should be aware that security patches are now available, and there is no excuse for not immediately applying them. Still, much of enterprise has yet to act.
The CISA alert maintains the F5 BIG-IP is actively being exploited, and those entities using the network need to mitigate the flaw immediately with the available security patches. An alert was also issued by the U.S. Cyber Command, urging updating the flaw. However, a security update problem still exists as many F5 BIG-IP users have yet to address the issue, leaving them seriously vulnerable to attack.
As we know, many security experts other than CISA and U.S. Cyber Command, also recommend the flaw be updated post haste. Once hackers became aware of the flaw, attacks immediately ensued and are still ongoing. Upgrading to a BIG-IP version that isn’t vulnerable to the attack is recommended, as well as quickly patching the security issue that currently exists.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments