Blog | G5 Cyber Security

Critical F5 BIG-IP vulnerability now targeted in ongoing attacks

Cybersecurity firm NCC Group says it detected successful exploitation of a recently patched vulnerability in F5 BIG-IP and BIG-IQ networking devices. The vulnerability is an unauthenticated remote command execution (RCE) tracked as CVE-2021-22986. Multiple security researchers have already shared proof-of-concept exploit code after reverse-engineering the Big-IP patch. The bug (with a severity rating of 9.8/10) could lead to full system compromise, including lateral movement to internal network and interception of controller application traffic.

Source: https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-now-targeted-in-ongoing-attacks/

Exit mobile version