Researcher Christoffer Jerkeby from F-Secure discovered a vulnerability in the BIG-IP load balancer code from F5 Networks.
Exploiting it lets an attacker break into the network behind the device and carry out various attacks against companies or individuals whose web services are handled by the compromised load balancer.

Reference: BIG-IP is commonly used as a load balancer by businesses and governments that provide online services to large numbers of people. Load balancers help organizations manage sessions, store cookies and route web traffic to backend servers.
The problem lies in the Tcl programming language in which BIG-IP iRules are written. Certain coding practices (the Tcl double-substitution issue, where attacker-controlled input is substituted into a string that the script then re-parses as code) allow an attacker to inject arbitrary Tcl commands, which execute in the security context of the targeted iRule. From there the attacker can also intercept and manipulate the web traffic passing through the device, exposing confidential information including authentication credentials and application data.
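As an added illustration of that double-substitution mistake (example code written for this article, not F-Secure's or F5's), the script below contrasts an unbraced `expr`, as it might appear in an iRule, with the braced and validated form. `HTTP::header` only exists inside BIG-IP, so the header value is a constructed string; the global `::injected` is a marker variable assumed here purely to show whether attacker-supplied text was executed, and the 1024-byte limit is an arbitrary assumption.

```tcl
# Added example for this article (not F-Secure's or F5's code): Tcl
# double substitution, the coding mistake behind the BIG-IP iRules issue.
# HTTP::header only exists inside BIG-IP, so the header value below is a
# constructed sample; ::injected is a marker variable used purely to show
# whether attacker-supplied text was executed as Tcl.

set ::injected ""

# VULNERABLE: the expression is not braced. Tcl substitutes $length into the
# argument string first, then expr parses that string as code, so any
# [command] or $variable inside the header value is evaluated. In an iRule
# the same mistake looks like:
#   if { [expr [HTTP::header Content-Length] > 1024] } { ... }
proc over_limit_vulnerable {length} {
    return [expr $length > 1024]
}

# HARDENED: validate the input, then brace the expression. expr receives the
# literal text {$length > 1024} and substitutes $length exactly once, as a
# value, never as code. In an iRule:
#   if { [HTTP::header Content-Length] > 1024 } { ... }
proc over_limit_safe {length} {
    if {![string is integer -strict $length]} {
        return -code error "Content-Length is not an integer: $length"
    }
    return [expr {$length > 1024}]
}

# Constructed attacker header value: a Tcl command substitution. The braces
# only stop it from being evaluated while we assign it.
set payload {[set ::injected "attacker code ran"]}

set ::injected ""
puts "vulnerable: result=[over_limit_vulnerable $payload] injected='$::injected'"

set ::injected ""
if {[catch {over_limit_safe $payload} err]} {
    puts "hardened:   rejected ($err) injected='$::injected'"
}

puts "benign:     result=[over_limit_safe 2048]"
```

Run it with `tclsh`: the vulnerable call sets `::injected` even though the caller never asked for that command, while the hardened call rejects the value and the marker stays empty. The same rule applies to every place an iRule hands strings to the evaluator: brace the arguments of `expr`, `if`, `while` and `for`, and never pass request-derived data to `eval` or `subst`.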
“The research team discovered over 300,000 active BIG-IP implementations on the internet during the course of researching this issue, but due to methodological limitations, suspects the real number could be much higher. And while not everyone using BIG-IP will be vulnerable, the obscure nature of the underlying issue means most organizations need to investigate and verify whether or not they’re affected”, Christoffer Jerkeby said.
The researcher notes that in some cases the compromised device records nothing about the attacker's actions, so no evidence remains after the attack. In other cases the attacker can, after exploiting the vulnerability, delete the logs that hold traces of the activity, which seriously complicates incident investigation.
Because the weakness lies in how customers write their own iRules rather than in a defect in the BIG-IP software, it cannot be resolved by a patch or update from the vendor; each organization has to check its own configuration for the vulnerable patterns.
Recommendations:
It is recommended that organizations proactively investigate whether or not they’re affected.
Jerkeby also contributed to two free, open-source utilities that organizations can use to identify insecure iRule configurations on their BIG-IP devices.