Search

NSA, CISA warn of massive vulnerability for popular networking device - FCW.com

pandangsa.blogspot.com

Cybersecurity

NSA, CISA warn of massive vulnerability for popular networking device

Placeholder image for FCW article template 

The U.S. government is warning of a particularly dangerous vulnerability affecting BIG-IP networking devices produced by F5 that likely impacts every major sector in the world, including federal agencies.

According to F5, the remote code execution vulnerability was first discovered by researcher Mikhail Klyuchnikov of Positive Technologies and exists in the traffic management user interface of its Big-IP networking devices. It allows unauthenticated attackers to carry out a number of RCE attacks, including creating or deleting files, disabling services and issuing other arbitrary system commands.

On July 3, U.S. Cyber Command advised organizations to “remediate immediately,” adding that patching the vulnerabilities “should not be postponed over the weekend.” The Cybersecurity and Infrastructure Security Agency put out an alert encouraging users to patch, and CISA Director Chris Krebs said his organization was already seeing reports of active scanning and possible exploitation of the vulnerability. Over the weekend, Krebs warned the “pre-exploit window to patch [is] slamming shut right in front of your eyes” and that organizations that hasn’t patched their devices by Sunday morning should “assume compromise.”

The networking devices are a popular choice to support many enterprise networks; researchers have found thousands of such devices connected to the internet through Shodan. A search of government contracting records finds a number of agencies that have either procured F5 BIG-IP devices or maintenance services for existing devices over the past five years, including the Departments of Commerce, Defense, State, multiple branches of the military, the FBI and a number of smaller agencies.

According to F5’s website, several of its BIG-IP products are also certified under the National Institute of Standards and Technology's USGv6 conformance program and the Department of Defense Information Network Approved Product List, while its traffic filtering firewall products are on the National Security Agency’s component list for its Commercial Solutions for Classified program.

FCW has reached out to CISA for more information on further remediation actions targeting federal networks or critical infrastructure.

The vulnerability was rated “critical” and given a 10/10, the highest possible severity score, by the Common Vulnerability Scoring System. A patch was quickly developed, but information security professionals say the attack is simple to carry out and organizations may have already missed their opportunity to avoid exploitation. 

Curtis Dukes, former head of the Information Assurance Directorate at NSA and executive vice president at the Center for Internet Security, told FCW that F5 BIG-IP devices are used by most large organizations, including major cloud service providers. Because it’s an RCE vulnerability, attacks can reach any device connected to the internet, regardless of where the attacker or device is located. A simple HTTP request can give attackers access to the server, where they can carry out credential theft, denial of service, file exfiltration or other attacks. He also highlighted cloud service providers and government entities that manage large datasets as particularly at-risk.

“Pretty much every industry sector uses the device and is likely susceptible -- if they are internet-facing -- to an attack,” Dukes said.


About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Let's block ads! (Why?)



"device" - Google News
July 07, 2020 at 03:17AM
https://ift.tt/2Z1zMTs

NSA, CISA warn of massive vulnerability for popular networking device - FCW.com
"device" - Google News
https://ift.tt/2KSbrrl
https://ift.tt/2YsSbsy

Bagikan Berita Ini

0 Response to "NSA, CISA warn of massive vulnerability for popular networking device - FCW.com"

Post a Comment

Powered by Blogger.