Researcher Christoffer Jerkeby from F-Secure discovered a vulnerability in the BIG-IP load balancer code from F5 Networks. Exploiting the vulnerability allows an attacker to penetrate the network and carry out various attacks against companies or individuals whose web services are fronted by a compromised device.
Reference: BIG-IP is commonly used as a load balancer by businesses and governments that provide online services to large numbers of people. Load balancers help organizations manage sessions, store cookies, route web traffic to backend servers, and so on.
The security problem lies in how the Tcl programming language, used to write iRules in the BIG-IP solution, handles substitution. Certain coding practices in iRules allow attackers to inject arbitrary Tcl commands, which are then executed in the security context of the target Tcl script. Attackers can also intercept and manipulate web traffic, revealing confidential information, including authentication credentials and application data.
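As an added illustration of the pattern described above (not code from the page, and not the tool Jerkeby helped build), the following heuristic scanner flags iRule commands that evaluate their argument a second time when that argument is not wrapped in braces; the sample iRule it runs on is constructed for this example.

```python
import re

# Tcl commands that parse their argument as an expression or script. If the
# argument is not braced, variables and command results are substituted first
# and the resulting text is then evaluated again, so request data can become code.
DOUBLE_EVAL_CMDS = ("expr", "eval", "subst", "if", "elseif", "while")

# Match a command name followed by the first character of its argument.
_CMD_RE = re.compile(r"(?<![\w:])\b(" + "|".join(DOUBLE_EVAL_CMDS) + r")\s+(\S)")


def scan_irule(text):
    """Return (line number, command, line) for each unbraced double-evaluation."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw.strip().startswith("#"):
            continue  # comment line
        for m in _CMD_RE.finditer(raw):
            cmd, arg = m.group(1), raw[m.start(2):]
            if arg.startswith("{"):
                continue  # braced: substituted once, treated as data
            if "$" in arg or "[" in arg:
                findings.append((lineno, cmd, raw.strip()))
    return findings


# Constructed sample iRule mixing safe (braced) and unsafe (unbraced) forms.
SAMPLE_IRULE = """\
when HTTP_REQUEST {
    set path [HTTP::path]
    set count [HTTP::header "X-Count"]
    # braced condition: substituted once, evaluated as data
    if { [string match "/api/*" $path] } {
        HTTP::respond 200 content "ok"
    }
    # unbraced expr: $count is substituted, then parsed again as an expression
    set next [expr $count + 1]
    # unbraced eval over request data
    eval "log local0. $path"
    # a quoted if condition is also re-evaluated by expr
    if "$count > 5" { HTTP::respond 429 }
}
"""

if __name__ == "__main__":
    for lineno, cmd, line in scan_irule(SAMPLE_IRULE):
        print(f"line {lineno}: unbraced '{cmd}' -> {line}")
```

The check is a heuristic: it reports candidate lines for review rather than proving exploitability, and the fix in each flagged case is to brace the argument so substitution happens only once.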
“The research team discovered over 300,000 active BIG-IP implementations on the internet during the course of researching this issue, but due to methodological limitations, suspects the real number could be much higher. And while not everyone using BIG-IP will be vulnerable, the obscure nature of the underlying issue means most organizations need to investigate and verify whether or not they’re affected,” reported Christoffer Jerkeby.
The researcher notes that in some situations a compromised device will not record the attacker’s actions, so no evidence remains after the attack. In another scenario, an attacker who has exploited the vulnerability can delete the logs containing traces of the activity, seriously complicating incident investigation.
Because the problem stems from how iRules are written rather than from a defect in the product itself, it cannot be resolved by a patch or update from the vendor; each organization has to check its own configurations for the vulnerable pattern.
It is therefore recommended that organizations proactively investigate whether or not they’re affected.
Jerkeby helped develop two free, open-source utilities that organizations can use to identify insecure configurations in their BIG-IP solutions.