Top
image credit: Unsplash

CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government

July 27, 2020

The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product’s Traffic Management User Interface (TMUI) configuration utility to obtain credentials and other sensitive data, intercept traffic, and execute arbitrary code or commands, resulting in the system getting completely compromised.

The issue was disclosed on July 1. At the time of disclosure, Positive Technologies, whose employees have been credited for reporting the vulnerability to F5, estimated that there had been thousands of vulnerable devices exposed to the internet, including many in the United States.

Read More on Security Week