Threat Alert

by IthacaLabs™

THREAT LEVEL/High 06/07/2020

New Critical Vulnerabilities Affecting F5’s BIG-IP Networking Devices

Threat Level Description

Threat Level: High - An attack is highly likely. Apply additional, sustainable protective security measures that reflect the broad nature of the threat, combined with your specific business and geographical vulnerabilities and your judgement on acceptable risk.

Description

Two new critical vulnerabilities affecting F5's BIG-IP networking devices have been disclosed.

The first vulnerability (CVE-2020-5902) resides in the Traffic Management User Interface (TMUI), the configuration utility of the BIG-IP application delivery controller (ADC). It could let remote attackers take complete control of the targeted systems and, from there, intercept or manipulate the application data those systems manage.

BIG-IP ADC is used by enterprises, data centers, and cloud computing environments to implement application acceleration, load balancing, rate shaping, SSL offloading, and web application firewall services.

An unauthenticated remote attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the targeted server hosting the TMUI configuration utility. No credentials are required, so any BIG-IP whose TMUI is reachable from an untrusted network is directly exposed.

The second flaw is a cross-site scripting (XSS) vulnerability (CVE-2020-5903) in the BIG-IP Configuration utility. It could let a remote attacker run malicious JavaScript in the browser session of a logged-in user of this interface; if that user is an administrator, the script runs with administrator privileges on the interface.

CVE(s)

CVE-2020-5902

BASE SCORE: 10.0 High (CVSS v2)
VECTOR: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVE-2020-5903

BASE SCORE: 4.3 Medium (CVSS v2)
VECTOR: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

Affected Systems

  • F5's BIG-IP Networking Devices
    ◦ 15.0.0 - 15.1.0.3
    ◦ 14.1.0 - 14.1.2.5
    ◦ 13.1.0 - 13.1.3.3
    ◦ 12.1.0 - 12.1.5.1
    ◦ 11.6.1 - 11.6.5.1
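The version ranges above are inclusive and span more than one maintenance branch, so a naive string comparison gets them wrong (for example, "15.1.0.4" sorts before "15.1.0.3" lexically in some tools). The following Python script is an added example, not code from IthacaLabs or F5: it encodes the affected ranges exactly as this alert lists them for each CVE, compares versions as padded numeric tuples, and extracts the running version from the output of `tmsh show sys version`. The layout of that output (a line reading `Version     14.1.2.3`) and the sample output itself are assumptions constructed for the example.

```python
import re

# Affected ranges exactly as listed in this advisory (both bounds inclusive).
# The alert lists the 11.x branch for CVE-2020-5902 only, so the two CVEs
# are kept separate rather than merged into one list.
AFFECTED = {
    "CVE-2020-5902": [
        ("15.0.0", "15.1.0.3"), ("14.1.0", "14.1.2.5"), ("13.1.0", "13.1.3.3"),
        ("12.1.0", "12.1.5.1"), ("11.6.1", "11.6.5.1"),
    ],
    "CVE-2020-5903": [
        ("15.0.0", "15.1.0.3"), ("14.1.0", "14.1.2.5"), ("13.1.0", "13.1.3.3"),
        ("12.1.0", "12.1.5.1"),
    ],
}


def parse_version(text):
    """Turn '14.1.2.3' into a comparable tuple, padded to four components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised BIG-IP version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 4 - len(nums))


def in_range(version, lo, hi):
    """Inclusive numeric comparison, so 15.1.0 <= 15.1.0.3 but 15.1.0.4 is not."""
    return parse_version(lo) <= parse_version(version) <= parse_version(hi)


def affected_cves(version):
    """Return the CVE IDs from the advisory whose ranges cover `version`."""
    return [cve for cve, ranges in AFFECTED.items()
            if any(in_range(version, lo, hi) for lo, hi in ranges)]


# Assumption: the 'Version' line of `tmsh show sys version` looks like
# "  Version     14.1.2.3". Only that line is used; everything else is ignored.
VERSION_LINE = re.compile(r"^\s*Version\s+(\d+(?:\.\d+)+)\s*$", re.MULTILINE)


def version_from_tmsh(output):
    m = VERSION_LINE.search(output)
    if not m:
        raise ValueError("no 'Version' line found in tmsh output")
    return m.group(1)


def assess(tmsh_output):
    """Parse the tmsh output and report which of the two CVEs apply."""
    version = version_from_tmsh(tmsh_output)
    cves = affected_cves(version)
    return {"version": version, "affected": bool(cves), "cves": cves}


# Constructed sample output (not captured from a real device).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     11.6.5.1
  Build       0.0.10
  Edition     Point Release 5
"""

if __name__ == "__main__":
    print(assess(SAMPLE_TMSH_OUTPUT))
    for v in ("15.1.0.3", "15.1.0.4", "14.1.0", "16.0.0"):
        print(v, affected_cves(v))
```

Feed the script the real `tmsh show sys version` output from each device (or the version field from your asset inventory); a device on 11.6.5.1 comes back affected by CVE-2020-5902 but not CVE-2020-5903, matching the ranges in this alert, while 15.1.0.4 comes back clean.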
Recommendation(s)

You should immediately update to the latest versions available from the vendor and apply the relevant security patches. Until every device is patched, make sure the Configuration utility (TMUI) is not reachable from the internet or other untrusted networks: management interfaces should only be accessible from trusted administrative networks.

You should understand the importance of security updates and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to operate an effective patch management process, to keep security event logging enabled, and to monitor those events actively. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including penetration testing at least annually and upon significant changes.
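Because CVE-2020-5902 needs nothing more than an HTTP request to TMUI, the first thing to establish is who has been reaching the Configuration utility at all. The Python script below is an added example, not code from IthacaLabs or F5: it reads web-server access log lines in the common/combined format, keeps only requests to the `/tmui/` path, and reports those that came from outside a set of trusted management networks. The trusted networks, the log format and the sample log lines are assumptions constructed for the example. It flags exposure of the management plane rather than exploitation, since this alert does not describe the crafted request itself.

```python
import ipaddress
import re
from collections import Counter

# Assumption: administrative access is only legitimate from these networks.
TRUSTED_MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.0.100.0/24", "192.168.50.0/24")]

# Common/combined log format: client ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted_source(src):
    """True if `src` is an IP address inside one of the trusted management networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are never treated as trusted
    return any(ip in net for net in TRUSTED_MGMT_NETS)


def triage(lines):
    """Collect requests to the TMUI path that did not come from a trusted network."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if not path.lower().startswith("/tmui/"):
            continue
        if is_trusted_source(rec["src"]):
            continue
        findings.append({
            "src": rec["src"],
            "ts": rec["ts"],
            "method": rec["method"],
            "path": path,
            "status": int(rec["status"]),
        })
    return findings


def sources_by_count(findings):
    """Untrusted sources that touched TMUI, most active first."""
    return Counter(f["src"] for f in findings).most_common()


# Constructed sample log lines (not from a real device).
SAMPLE_LOG = """\
10.0.100.7 - - [06/Jul/2020:09:12:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4321
203.0.113.44 - - [06/Jul/2020:09:13:15 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4321
203.0.113.44 - - [06/Jul/2020:09:13:18 +0000] "POST /tmui/login.jsp?x=1 HTTP/1.1" 401 0
198.51.100.9 - - [06/Jul/2020:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 10
this line is not an access-log record
""".splitlines()

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["src"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print(sources_by_count(hits))
```

Any hit from this script means the Configuration utility was reachable from a network that should not see it; treat those sources as candidates for further investigation and close the exposure before or alongside patching, since the vulnerability requires no authentication.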
