DETECTION OVERVIEW
Risk Factors
Unpatched BIG-IP Application Delivery Controllers (ADCs) with web interfaces can be easily accessed by an attacker, especially if the web interface is internet-facing. Attack tools such as Metasploit and publicly available exploits can help an unauthenticated attacker achieve their objective. A successful exploit can compromise the ADC and enable the attacker to intercept traffic or move laterally across the network.
Risk Score
87
The BIG-IP ADC is a gateway device that directs traffic across a network. Its configuration utility, the Traffic Management User Interface (TMUI), has a known vulnerability that enables unauthenticated attackers with network access to run arbitrary code on the TMUI server. The TMUI can be exposed to an attacker through the BIG-IP Management port or a Self IP address. Malicious code is delivered to the TMUI through an HTTP request that bypasses authentication checks and then runs a command or uploads a malicious payload. The attacker can then gain access to the BIG-IP ADC to manipulate traffic, access files, or upload malicious files to the ADC.