In BIG-IP load balancer detected vulnerabilities

by Brendan Smith
August 10, 2019
Vulnerability in the BIG-IP balancer
Written by Brendan Smith

Researcher Christoffer Jerkeby from F-Secure discovered a vulnerability in the BIG-IP load balancer code from F5 Networks.

Exploitation of the vulnerability allows an attacker to penetrate the network and carry out various attacks against companies or individuals using web services on a compromised device with the help of this solution.

Reference: BIG-IPis commonly used as a load balancer by businesses and governments that provide online services to large numbers of people. Load balancers help organizations manage sessions, store cookies, route web traffic, backend servers etc.

A security problem is present in the Tcl programming language that was used for writing iRules BIG-IP solution. Some encoding methods allow attackers to enter arbitrary Tcl commands to execute them in the security context of the Tcl target script. Attackers can also intercept and manipulate web-traffic, revealing confidential information, including credentials for authentication and application data.

“The research team discovered over 300,000 active BIG-IP implementations on the internet during the course of researching this issue, but due to methodological limitations, suspects the real number could be much higher. And while not everyone using BIG-IPwill be vulnerable, the obscure nature of the underlying issue means most organizations need to investigate and verify whether or not they’re affected”, — reported Christoffer Jerkeby.

Researcher notes situations where a compromised device will not record the actions of the criminal, so after the attack there will be no evidence. In another version, an attacker can, after exploiting a vulnerability, delete logs containing traces of activity and seriously complicate investigation of incidents.

Read also: Encrypting malware attacks NAS Synology and Lenovo Iomega

However, this problem cannot be resolved by fixing or updating the software from the supplier, so organizations should check for vulnerabilities.

Recommendations:

It is recommended that organizations proactively investigate whether or not they’re affected.

Jerkeby helped in developing two free, open source utilities that organizations can use to identify insecure configurations in their BIG-IP solutions.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

View all posts

Leave a Reply

Sending