The U.S. Cybersecurity and Infrastructure Security Agency issues a warning confirming the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. Any remaining unpatched devices are probably already compromised during attacks that started just a few days after the company disclosed the flaw. CISA’s alert also provides additional mitigations and detection measures to help victims find out if their systems may have been compromised and recover after attacks.
Source: https://www.bleepingcomputer.com/news/security/us-govt-confirms-active-exploitation-of-f5-big-ip-rce-flaw/