
Nation-State Hackers Breach F5 Networks, Exposing Thousands of Government and Corporate Systems to Imminent Threat


Thousands of networks operated by the U.S. government and Fortune 500 companies are facing an “imminent threat” of cyber intrusion after a major breach at Seattle-based software maker F5 Networks, the federal government warned on Wednesday. The company, known for its BIG-IP networking appliances, confirmed that a nation-state hacking group had infiltrated its systems in what it described as a “sophisticated, long-term intrusion.” 

According to F5, the attackers gained persistent access to the network segment used to develop and distribute updates for its BIG-IP line, a family of application delivery and security appliances used by 48 of the world's top 50 corporations. While inside F5's systems, the hackers accessed portions of the proprietary source code, internal documentation of vulnerabilities that had not yet been patched, and configuration data belonging to some customers. Access of that kind gives an attacker an unusually detailed understanding of the product's architecture and weaknesses, which is why it raises serious concern about supply-chain attacks against the thousands of networks that run BIG-IP. 

Security analysts note that control of F5's build environment could let adversaries tamper with software updates, and that knowledge of unpatched flaws could let them exploit BIG-IP devices before fixes ship. These appliances often sit at the network edge, acting as load balancers, firewalls, and TLS termination points, so a compromise can provide a direct path into sensitive systems. The stolen configuration data further raises the likelihood that attackers could turn credentials or internal settings against the customers they belong to. 

Despite the severity of the breach, F5 stated that reviews by outside firms (NCC Group and IOActive examined the source code and build pipeline, while Mandiant and CrowdStrike supported the incident investigation) found no evidence of tampering with its source code or build pipeline, no evidence that critical vulnerabilities had been introduced, and no evidence that data was exfiltrated from its CRM, financial, support case management, or iHealth systems. The customer configuration data noted above came from the engineering knowledge platform rather than from those systems. Experts caution, however, that the attackers' deep access and the intelligence they took could still enable future targeted exploits. 

In response, F5 has issued updates for its BIG-IP, F5OS, BIG-IQ, and APM products and rotated its signing certificates to secure its software distribution process. The company has also provided a threat-hunting guide to assist customers in detecting potential compromise indicators. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning that the breach “poses an unacceptable risk” to federal networks. Agencies using F5 appliances have been ordered to inventory all affected devices, install the latest patches, and follow the company’s threat-hunting protocols. Similarly, the UK’s National Cyber Security Centre (NCSC) has released guidance urging organizations to update their systems immediately. 

While no supply-chain compromise has yet been confirmed, the breach of a vendor as deeply embedded in global enterprise networks as F5 underscores the growing risk of nation-state infiltration in critical infrastructure software. As investigations continue, security officials are urging both government and private organizations to take swift action to mitigate potential downstream threats.

F5 Security Patched Severe Vulnerabilities in its BIG-IP Networking Device


F5 has patched more than a dozen high-severity vulnerabilities in its BIG-IP networking devices, including one that is rated critical when the device runs in a particular configuration. 

A privilege escalation flaw, tracked as CVE-2021-23031, affects the Traffic Management User Interface (TMUI), also known as the Configuration utility, of BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM). 

An authenticated attacker with access to the Configuration utility can exploit the issue to run arbitrary system commands, create or delete files, and disable services, which amounts to complete compromise of the device. 

The vulnerability carries a CVSSv3 base score of 8.8. For customers running Appliance mode, which removes root and bash access so that administrators are confined to the appliance's own interfaces, escaping those restrictions changes the CVSS scope and raises the score to 9.9 out of 10. According to the advisory for CVE-2021-23031, only the limited number of customers running Appliance mode are affected at the critical rating. 

“When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services. This vulnerability may result in complete system compromise.” states the advisory. 

“The limited number of customers using Appliance mode have Scope: Changed, which raises the CVSSv3 score to 9.9. For information about Appliance mode, refer to K12815: Overview of Appliance mode.” 

F5 advises updating to a fixed version. Where that is not immediately possible, administrators should restrict access to the Configuration utility to trusted users only, by limiting the source addresses permitted to reach it on the management interface and by locking down self IPs so they do not expose it. 
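As an added example (not code from the page or from F5), the following Python checks the two places the mitigation above concerns: the httpd allow list that governs the management interface, and the port-lockdown (allow-service) setting of each self IP. It parses the text that `tmsh list sys httpd allow` and `tmsh list net self` print on a BIG-IP; the sample output embedded in it is constructed for this example with made-up names and addresses, and only the command names and the brace layout are taken from tmsh.

```python
"""Audit where the BIG-IP Configuration utility (TMUI) is reachable from.

Added example, not code from the page or from F5. It parses the output of
two commands an administrator runs on the device:

    tmsh list sys httpd allow    # source ACL for the management-interface web server
    tmsh list net self           # self IPs and their port-lockdown (allow-service) lists

and flags anything that leaves TCP/443 (the Configuration utility) open. The
sample output below is CONSTRUCTED for this example: the brace layout follows
tmsh, but the names and addresses are made up.
"""
import re

# Constructed sample: the httpd ACL is the factory default, "all".
HTTPD_ALLOW_SAMPLE = """\
sys httpd {
    allow { all }
}
"""

# Constructed sample: one self IP with the "default" port lockdown (which
# includes tcp:443) and one with port lockdown set to none.
NET_SELF_SAMPLE = """\
net self external {
    address 203.0.113.10/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan external
}
net self internal {
    address 10.1.20.245/24
    allow-service none
    traffic-group traffic-group-local-only
    vlan internal
}
"""

# Port-lockdown tokens that let TCP/443 through to the Configuration utility.
TMUI_OPENING_SERVICES = {"all", "default", "tcp:443", "tcp:https"}


def parse_httpd_allow(text):
    """Return the source list from `tmsh list sys httpd allow`, e.g. ['all']."""
    m = re.search(r"allow\s*\{([^}]*)\}", text)
    return m.group(1).split() if m else []


def parse_self_ips(text):
    """Map each self IP name to its address and allow-service tokens."""
    result = {}
    for block in re.finditer(r"net self (\S+) \{(.*?)\n\}", text, re.S):
        name, body = block.group(1), block.group(2)
        addr = re.search(r"\baddress (\S+)", body).group(1)
        svc = re.search(r"allow-service\s+(none|all|default|\{[^}]*\})", body)
        if svc is None:
            services = []
        elif svc.group(1).startswith("{"):
            services = svc.group(1).strip("{}").split()
        else:
            services = [svc.group(1)]
        result[name] = {"address": addr, "allow_service": services}
    return result


def tmui_exposure(httpd_text, self_text):
    """Return a list of findings; an empty list means TMUI is locked down."""
    findings = []
    if "all" in parse_httpd_allow(httpd_text):
        findings.append("sys httpd allow is 'all': any source can reach the "
                        "Configuration utility on the management interface")
    for name, info in parse_self_ips(self_text).items():
        open_tokens = TMUI_OPENING_SERVICES & set(info["allow_service"])
        if open_tokens:
            findings.append(f"self IP {name} ({info['address']}) exposes TCP/443 "
                            f"via allow-service {sorted(open_tokens)}")
    return findings


if __name__ == "__main__":
    for f in tmui_exposure(HTTPD_ALLOW_SAMPLE, NET_SELF_SAMPLE):
        print("FINDING:", f)
    # The corresponding tmsh remediation for the two findings above would be:
    #   tmsh modify sys httpd allow replace-all-with { 10.1.20.0/24 }
    #   tmsh modify net self external allow-service none
```

Run against the constructed sample it reports two findings: the management interface accepts any source, and the external self IP's "default" port lockdown still admits TCP/443. Against the real device, feed it the saved output of the two tmsh commands; a clean result is an empty list.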

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued a security notification advising users and administrators to review the F5 security advisory and apply the updated software or appropriate mitigations as soon as possible. 

The 13 high-severity flaws span several F5 products and include authenticated remote command execution vulnerabilities, cross-site scripting (XSS) issues, request forgery bugs, insufficient permission checks, and denial-of-service flaws. 

Apart from CVE-2021-23031, they carry CVSSv3 scores between 7.2 and 7.5. The high-severity issues patched by the vendor, with their CVE identifiers and CVSSv3 scores: 
  •  CVE-2021-23025: High 7.2
  •  CVE-2021-23026: High 7.5
  •  CVE-2021-23027: High 7.5
  •  CVE-2021-23028: High 7.5
  •  CVE-2021-23029: High 7.5
  •  CVE-2021-23030: High 7.5
  •  CVE-2021-23031: High 8.8; Critical 9.9 in Appliance mode only
  •  CVE-2021-23032: High 7.5
  •  CVE-2021-23033: High 7.5
  •  CVE-2021-23034: High 7.5
  •  CVE-2021-23035: High 7.5
  •  CVE-2021-23036: High 7.5
  •  CVE-2021-23037: High 7.5

Lastly, the vendor also fixed medium and low severity vulnerabilities.