Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment
Last week, government agencies released a warning about a high-threat vulnerability in a line of BIG-IP products sold by the company F5. The agencies advised security professionals to implement a released patch to protect devices from the exploit, which could allow attackers to fully take control of the networking equipment, allowing them access to all traffic. Some companies have already stated that they have witnessed the vulnerability being exploited in the wild, stating that it may be too late to patch the F5 equipment.
The vulnerability was first reported to F5 by cybersecurity firm Positive technologies and affected a series of BIG-IP devices that serve as load balancers within large networks. The devices distribute traffic to different servers. Positive Technologies found the so-called directory traversal bug in the web-based management interface. This could result in threat actors exploiting the bug to access unauthorized information.