The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: F5 Networks

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability

April 28, 2021Ravie Lakshmanan
Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability (CVE-2021-23008) in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads," Silverfort researchers Yaron Kassner and Rotem Zach said in a report. "In some cases this can be used to bypass authentication to the Big-IP admin console as well." Coinciding with the public disclosure, F5 Networks has released patches to address the weakness (CVE-2021-23008, CVSS score 8.1), with fixes introduced in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is expected at a future date. "We recommend customers running 16.x check the security advisory to assess their exposure and get details on mitigati
Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

March 20, 2021Ravie Lakshmanan
Almost 10 days after application security company F5 Networks  released patches  for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that surfaced online earlier this week by reverse-engineering the Java software patch in BIG-IP. The  mass scans  are said to have spiked since March 18. The flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical remote code execution (CVE-2021-22986) also impacting BIG-IQ versions 6.x and 7.x.  CVE-2021-22986  (CVSS score: 9.8) is notable for the fact that it's an unauthenticated, remote command execution vulnerability affecting the iControl REST interface, allowing an attacker to execute arbitrary system commands, create or delete files, and disable services without the need for any authentic
Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!

March 10, 2021Ravie Lakshmanan
Application security company F5 Networks on Wednesday published an  advisory  warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992),  two  of  which  were discovered and reported by Felix Wilhelm of Google Project Zero in December 2020. The four critical flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical pre-auth remote code execution (CVE-2021-22986) also affecting BIG-IQ versions 6.x and 7.x. F5 said it's not aware of any public exploitation of these issues. Successful exploitation of these vulnerabilities could lead to a full compromise of vulnerable systems, including the possibility of remote code execution as well as trigger a buffer overflow, leading to a DoS attack. Urging customers to update their BIG-IP and BIG-IQ deploy
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

September 15, 2020Ravie Lakshmanan
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said. Over the past 12 months, the victims were identified through sources such as Shodan , the Common Vulnerabilities and Exposure ( CVE ) database, and the National Vulnerabilities Database (NVD), exploiting the public release of a vulnerability to pick vulnerable targets and further their motives. By compromising legitimate websites and leveraging spear-phishing emails with malicious links pointing to attacker-owned sites in order to gain initial access, the Chinese
Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

July 04, 2020Swati Khandelwal
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application data they manage. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface (TMUI) for BIG-IP application delivery controller (ADC). BIG-IP ADC is being used by large enterprises, data centers, and cloud computing environments, allowing them to implement application acceleration, load balancing, rate shaping, SSL offloading, an
F5 Networks Acquires NGINX For $670 Million

F5 Networks Acquires NGINX For $670 Million

March 12, 2019Wang Wei
One of the most important software companies NGINX , which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks , in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log into your applications at work. NGINX powers over half of the busiest websites in the world. Majority of sites on the Internet today, including The Hacker News, and hundreds of thousands apps, like Instagram, Pinterest, Netflix, and Airbnb are hosted on web servers running NGINX. NGINX web server is the third most widely used servers in the world—behind only Microsoft and Apache, and ahead of Google. In short, the internet as we know it today would not exist without NGINX. F5 Acquires NGINX to Bridge NetOps and DevOps F5 Networks is the industry leader in cloud and security application
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.