Cybercriminal groups have been exploiting a critical vulnerability in F5 BIG-IP solutions to erase file systems on affected devices, rendering servers completely useless. Tracked as CVE-2022-1388, successful exploitation of the flaw would allow remote threat actors to execute commands on BIG-IP network devices with root user privileges, making it a critical security risk.

The company released the necessary fixes in mid-April, and just a few days later various groups of researchers published proof of concept (PoC) exploits, which made it easier for malicious hackers to start exploiting the vulnerability in real-world scenarios.

Researchers at SANS Internet Storm Center have identified at least two attacks targeting BIG-IP devices far more devastating than other hacking variants; Using their honeypots, the researchers identified that these attacks came from the IP address 177.54.127.111 and are based on the execution of the command ‘rm -rf /*’ in the affected implementations in an attempt to delete all files in the Linux file system when starting the execution of the devices.

Because the attack grants root privileges, running this command could remove almost all the contents of the file system, including the configuration files necessary for the proper functioning of BIG-IP devices. Just a few hours ago, security specialist Kevin Beaumont confirmed that threat actors were deploying these attacks:

The good news is that the attacks do not appear to be widespread, limiting themselves to a few cases detected so far. Other security firms, such as Bad Packets and GreyNoise, report failing to detect attack attempts in their honeypots.

F5 is now aware of the report and posted a message about it: “We have been in contact with SANS and are investigating the issue. If customers have not already done so, we urge them to upgrade to a fixed version of BIG-IP or implement one of the recommended mitigations.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Threat actors are exploiting critical vulnerability in F5 products to destroy firewalls and network devices completely appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

1 out of 3 WordPress plugins does not receive security updates; millions of websites at risk

A report specialized in WordPress security points to a 150% increase in…

Critical vulnerability in Less.js cause your plugins to leak confidential data like AWS keys

Cybersecurity specialists report the discovery of a critical vulnerability in Less.js, a…