Critical RCE Vulnerability in F5 BIG-IP Application Security Servers

This vulnerability has a CVSS score of 10/10, meaning unpatched users could be completely compromised. The issue is in the TMUI configuration utility and can be exploited by unauthenticated remote attackers who send a malicious HTTP request to the vulnerable server.

In June, over 8000 vulnerable devices were exposed directly to the internet. The recommendation is to update BIG-IP to at least one of the following versions: 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, 15.1.0.4
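
An added example (not from the source article or from F5) that triages an inventory of BIG-IP versions against the minimum versions listed above. It assumes each device is compared with the minimum for its own major release and that releases outside the list need manual review; the hostnames and sample versions are constructed.

```python
"""Added example: triage BIG-IP versions against the article's minimum versions."""
import re

# Minimum versions quoted in the article, keyed by major release.
# Assumption: a device is compared with the minimum for its own major release.
MIN_FIXED = {
    11: (11, 6, 5, 2),
    12: (12, 1, 5, 2),
    13: (13, 1, 3, 4),
    14: (14, 1, 2, 6),
    15: (15, 1, 0, 4),
}


def parse_version(text):
    """Return a 4-part tuple from '15.1.0.4' or '14.1.2'; None if unparsable."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad '14.1.2' -> (14, 1, 2, 0)


def triage(version_text):
    """Classify one version string as 'ok', 'update', or 'review'."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparsable value: needs a human
    minimum = MIN_FIXED.get(version[0])
    if minimum is None:
        return "review"  # major release not covered by the article's list
    return "ok" if version >= minimum else "update"


def triage_inventory(inventory):
    """Map {hostname: version string} to {hostname: status}."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    sample = {
        "ltm-edge-01": "15.1.0.4",
        "ltm-edge-02": "15.1.0",
        "asm-dc-02": "12.1.5.1",
        "lab-01": "16.0.0",
    }
    for host, status in sorted(triage_inventory(sample).items()):
        print(f"{host:12} {sample[host]:10} {status}")
```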

Source: Thehackernews

Risk Crew