CVE-2023-23397
KEV
- 2 Posts
- 8 Interactions
CVE Info
Fediverse
Russian hackers have used a zero-day exploit to target Kevin Kühnert, General Secretary of the Social Democratic Party. (We're talking about CVE-2023-23397). Happened back in December 2022 and was just last week attributed officially (€)
Logs do not go back far enough, so nobody has any idea whether, or what, data was exfiltrated.
Der Spiegel: Kevin Kühnerts Postfach von russischen Hackern angegriffen (German, paywall)
Der Spiegel reports that Social Democratic Party of Germany (SPD) General Secretary Kevin Kühnert was one of the main victims of the APT28 2023 cyberattacks with his email inbox being targeted. "the attack occurred in December 2022, earlier than previously known."
While CVE-2023-23397 (9.8 critical, disclosed 14 March 2023 by Microsoft) is not explicitly mentioned in the article, they state "The vulnerability was rated 9.8 out of 10 and has apparently been exploited since April 2022." Hakan Tanriverdi (@hatr) also references it in his toot.
Der Spiegel said digital forensics turned up nothing due to the length of time passed: "However, according to SPIEGEL information, it was apparently no longer possible to find and analyze sufficient log files to accurately reconstruct the case."
#Germany #Russia #cyberspionage #news #APT28 #ForestBlizzard #FancyBear #CVE_2023_23397
CVE-2024-33655
- 2 Posts
- 30 Interactions
CVE Info
Fediverse
Today we released Unbound 1.20.0. This release has a fix for the DNSBomb issue CVE-2024-33655, which had a low severity for our #DNS resolver. https://nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/
CVE-2024-31497
- 2 Posts
- 4 Interactions
CVE Info
Fediverse
Security Alert: A critical vulnerability in Citrix XenCenter puts systems at risk
https://poliverso.org/display/0477a01e-18d85868-f215c844a39a6de4
Security Alert: A critical vulnerability in Citrix XenCenter puts systems at risk. A new vulnerability https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497 has been discovered in versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR that could put security at risk
unexpected Citrix security advisory: Citrix Hypervisor Security Update for CVE-2024-31497
Citrix confirms that versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR included PuTTY vulnerable to CVE-2024-31497 (CVSS score pending, disclosed 15 April 2024 by MITRE): In versions of PuTTY prior to version 0.81, when used in conjunction with XenCenter, this issue may, in some scenarios, allow an attacker who controls a guest VM to determine the SSH private key of a XenCenter administrator who uses that key to authenticate to that guest VM while using an SSH connection. Citrix recommends updating to a PuTTY version with a version number of at least 0.81, or removing the PuTTY component completely. (Note that versions of XenCenter for XenServer 8 have never included PuTTY.)
See related Bleeping Computer article about CVE-2024-31497: PuTTY SSH client flaw allows recovery of cryptographic private keys
#CVE_2024_31497 #PuTTY #Citrix #Hypervisor #XenCenter #vulnerability
CVE-2024-29212
- 3 Posts
- 4 Interactions
CVE Info
Fediverse
Veeam security advisory: Veeam Service Provider Console Vulnerability (CVE-2024-29212)
CVE-2024-29212 (8.8 high) Under certain conditions, an unsafe deserialization method in Veeam Service Provider Console (VSPC) server allows for remote code execution. Fixed in 7.0.0.18899 and 8.0.0.19236. No mention of exploitation.
Veeam Service Provider Console Affected by Severe RCE Vulnerability: CVE-2024-29212 #threatintel
Summary of the last 24 hours in information security: New "TunnelVision" attack compromises VPNs, hackers create admins in WordPress, DocGo suffers a cyberattack, RCE vulnerability in Veeam, and Microsoft's chatbot hacked. Data exposure at the UK Ministry of Defence and technological dangers in Apache Guacamole. Discover these details and more in the following list of information security news:
🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 08/05/24 📆 |====
🔒 NEW ATTACK LEAKS VPN TRAFFIC
Discover how the "TunnelVision" attack can compromise the security of your VPN connection, allowing attackers to spy on your unencrypted traffic. Secure your privacy online! 👉 https://djar.co/YRPUFw
🧨 HACKERS CREATE WORDPRESS ADMINISTRATORS
Learn how hackers are exploiting a vulnerability in LiteSpeed Cache to take control of WordPress websites. Protect your site with the latest updates right now. 👉 https://djar.co/DhsfAk
💉 DOCGO SUFFERS CYBERATTACK
DocGo confirms the theft of patient health data after a cyberattack. Are you protecting your medical data adequately? Find out more details here. 👉 https://djar.co/fjKkG
🚨 VEEAM RCE VULNERABILITY
CVE-2024-29212 exposes data protection services to the risk of remote code execution. Learn the details and take preventive measures now! 👉 https://djar.co/eeDa5
🔓 HACKERS BREACH MICROSOFT CHATBOT
Read how Microsoft's healthcare chatbot was hacked and the measures taken to protect users' sensitive information. Find out how to avoid potential vulnerabilities! 👉 https://djar.co/PbCE7
🇬🇧 MINISTRY OF DEFENCE DATA EXPOSURE
The United Kingdom confirms a data breach in which Ministry of Defence payroll data was exposed. Secure the privacy of your personal data. 👉 https://djar.co/bW7a9N
🔍 DANGERS OF TECHNOLOGICAL VARIETY
Discover the code interoperability challenges in the vulnerability found in the Apache Guacamole remote desktop gateway. Stay informed about current risks in technology. 👉 https://djar.co/ZXlSzc
CVE-2024-26026
- 3 Posts
- 7 Interactions
CVE Info
Fediverse
F5 security advisories:
- K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793 (7.5 high)
- K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026 (7.5 high)
Eclypsium helpfully provided proofs of concept: Big Vulnerabilities in Next-Gen BIG-IP
See related Bleeping Computer reporting: New BIG-IP Next Central Manager bugs allow device takeover
#CVE_2024_21793 #CVE_2024_26026 #F5 #BIGIP #vulnerability #proofofconcept #POC #PatchTuesday
F5 has released software updates to fix two security vulnerabilities in its BIG-IP Next Central Manager software.
The vulnerabilities are tracked as CVE-2024-26026 and CVE-2024-21793, and when exploited, can allow an attacker to take admin control of the software.
Administrators are advised to update ASAP.
Why you should care about the new F5 BIG-IP vulnerabilities CVE-2024-21793 and CVE-2024-26026:
- F5 BIG-IP has 5 CVEs in CISA's Known Exploited Vulnerabilities Catalog:
  - CVE-2023-46747 (9.8 critical) F5 BIG-IP Configuration Utility Authentication Bypass
  - CVE-2023-46748 (8.8 high) F5 BIG-IP Configuration Utility SQL Injection
  - CVE-2022-1388 (9.8 critical) F5 BIG-IP Missing Authentication
  - CVE-2021-22991 (9.8 critical) F5 BIG-IP Traffic Management Microkernel Buffer Overflow
  - CVE-2021-22986 (9.8 critical) F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution
  - CVE-2020-5902 (9.8 critical) F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution
- Several of these F5 BIG-IP vulnerabilities were known to be exploited during ransomware campaigns: CVE-2022-1388, CVE-2021-22986, and CVE-2020-5902.
- F5 BIG-IP was so extensively exploited at one point that CISA put out a cybersecurity advisory on 12 October 2022: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 (AA22-138A).
- CISA also put out a cybersecurity advisory for another massively exploited F5 BIG-IP CVE on 24 July 2020: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 (AA20-206A). That one was so bad that CISA created a Guidance for F5 BIG-IP Vulnerability Fact Sheet.
- People’s Republic of China state-sponsored cyber actors LOVE F5 BIG-IP. According to CISA in the cybersecurity advisory Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors published 06 October 2022, CVE-2020-5902 and CVE-2022-1388 are among the top 20!
- Mandiant mentioned on 21 March 2024 that PRC actor UNC5174 likes CVE-2023-46747: Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect.
- Vulnerabilities with public proofs of concept are more likely to be exploited. Oh hey, Eclypsium provided the exploits. The same day.
cc: @todb
CVE-2024-21793
- 3 Posts
- 7 Interactions
CVE Info
Fediverse
CVE-2024-3661
- 1 Post
- 1 Interaction
CVE Info
Fediverse
CVE-2023-24069
- 1 Post
CVE Info
Fediverse
@das_menschy It depends on the usage scenario, because if a user uses Signal Desktop, the "attachments" are stored unencrypted there, which imho makes it insecure.
What is even nastier is that the sender does not know whether the recipient retrieves them with the desktop app. The "attachments" received with the desktop app can also be manipulated.
Ergo, never send confidential or privacy-relevant files with Signal.
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
CVE-2023-24068
- 1 Post
CVE Info
Fediverse
CVE-2024-23706
- 1 Post
CVE Info
Fediverse
The bug, tracked as CVE-2024-23706 and impacting Android 14, could allow attackers to escalate their privileges on vulnerable devices, Google notes in its advisory. https://www.securityweek.com/android-update-patches-critical-vulnerability/
CVE-2023-46747
KEV
- 1 Post
- 2 Interactions
CVE Info
Fediverse
CVE-2020-5902
KEV
- 1 Post
- 2 Interactions
CVE Info
Fediverse
CVE-2022-1388
KEV
- 1 Post
- 2 Interactions
CVE Info
Fediverse
CVE-2023-46748
KEV
- 1 Post
- 2 Interactions
CVE Info
Fediverse
CVE-2021-22986
KEV
- 1 Post
- 2 Interactions
CVE Info
Fediverse