Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

F5 Patches Critical Vulnerability as Exploit Code is Added to Metasploit

On Tuesday, the exploit code needed in order to gain administrative rights on several F5 network appliances was added to the Metasploit framework. The addition comes one week after F5 warned customers about the issue, and advised them to take one of three recommended actions, such as upgrading to a non-vulnerable version.

On Tuesday, the exploit code needed in order to gain administrative rights on several F5 network appliances was added to the Metasploit framework. The addition comes one week after F5 warned customers about the issue, and advised them to take one of three recommended actions, such as upgrading to a non-vulnerable version.

F5 Networks says that customers using any of the following platforms are vulnerable: VIPRION B2100, B4100, B4200 Enterprise Manager 3000, 4000 BIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, 11050

BIG-IP Virtual Edition

“A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect,” F5 explained in a security advisory.

“The only sign that this vulnerability may have been exploited on an affected system would be the appearance of unexpected root login messages in the /var/log/secure file… Neither a strong password policy nor remote authentication helps mitigate the issue.”

The problem is, while it is possible to check root logins in the /var/log/secure file, F5 correctly pointed out that if the vulnerability is exploited – an attacker can simply remove the logs proving that they were there in the first place. Also, the messages themselves do not give any signs that an attack has taken place.

There are three mitigations available, the most obvious being an upgrade to a non-vulnerable version of the impacted platform. After that, SSH access can be reconfigured, or one of four different mitigations can be implemented.

Mitigations and additional information are available in the F5 security advisory.  

Written By

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).