To conduct remote denial-of-service (DoS) attacks, a flaw discovered by a researcher in a BIG-IP product from F5 Networks can be exploited.
Nikita Abramov, a researcher at Positive Technologies, a supplier of cybersecurity solutions, discovered the security bug and it affects certain versions of BIG-IP Access Policy Management (APM), a protected access solution that simplifies and centralises access to apps, APIs and info.
The weakness, according to F5 Networks, is linked to a Traffic Management Microkernel (TMM) portion that processes all load-balanced traffic on BIG-IP systems.
“The Traffic Management Microkernel (TMM) stops responding and restarts when a BIG-IP APM virtual server processes traffic of an undisclosed nature,” the supplier explained in an advisory issued in mid-December. Processing of traffic is interrupted as TMM restarts. When the affected BIG-IP system is installed as part of a device party, a failover to the peer device is caused by the system.
Abramov noted that it does not take any software to exploit this vulnerability; the attacker merely needs to send a specially designed HTTP request to the server hosting the BIG-IP configuration utility, which blocks access to the device “for a while (until it restarts automatically).”
In its advisory, F5 reported that the vulnerability, monitored as CVE-2020-27716 with a high severity ranking, impacts only versions 14.x and 15.x. In both branches, patches that fix the bug are available.
Last year, Constructive Technology told F5 of a crucial BIG-IP vulnerability that ended up being abused in the wild, both by profit-driven cybercriminals and state-sponsored cyberspies.
