BIG-IP Product from F5 Networks Can be Exploited to Launch Remote Denial-of-Service (DoS) Attacks

vulnerability

To conduct remote denial-of-service (DoS) attacks, a flaw discovered by a researcher in a BIG-IP product from F5 Networks can be exploited.

Nikita Abramov, a researcher at Positive Technologies, a supplier of cybersecurity solutions, discovered the security bug and it affects certain versions of BIG-IP Access Policy Management (APM), a protected access solution that simplifies and centralises access to apps, APIs and info.

The weakness, according to F5 Networks, is linked to a Traffic Management Microkernel (TMM) portion that processes all load-balanced traffic on BIG-IP systems.

“The Traffic Management Microkernel (TMM) stops responding and restarts when a BIG-IP APM virtual server processes traffic of an undisclosed nature,” the supplier explained in an advisory issued in mid-December. Processing of traffic is interrupted as TMM restarts. When the affected BIG-IP system is installed as part of a device party, a failover to the peer device is caused by the system.

Abramov noted that it does not take any software to exploit this vulnerability; the attacker merely needs to send a specially designed HTTP request to the server hosting the BIG-IP configuration utility, which blocks access to the device “for a while (until it restarts automatically).”

In its advisory, F5 reported that the vulnerability, monitored as CVE-2020-27716 with a high severity ranking, impacts only versions 14.x and 15.x. In both branches, patches that fix the bug are available.

Last year, Constructive Technology told F5 of a crucial BIG-IP vulnerability that ended up being abused in the wild, both by profit-driven cybercriminals and state-sponsored cyberspies.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.