BIG-IP APM flaw allows remote denial-of-service attacks

Positive Technologies researcher Nikita Abramov reported a vulnerability in F5 Networks BIG-IP products that can be exploited remotely to cause a denial of service (DoS). According to Abramov, the flaw lies in certain versions of Access Policy Manager (APM), the BIG-IP module that centralizes access control for applications, APIs, and data.

F5 attributes the problem to the Traffic Management Microkernel (TMM), the component that processes all load-balanced traffic on BIG-IP systems: “If an APM virtual server processes unidentified traffic, TMM will stop responding and a restart will be forced,” the advisory says. In practice this means the data plane of the affected device goes down until TMM restarts, interrupting every service behind it, not just the APM policy.

The researcher points out that exploiting this flaw requires no special hacking tools: an attacker only needs to send specially crafted HTTP requests to the affected BIG-IP system (per F5's description, to an APM virtual server exposed to the attacker), which triggers the TMM crash and the resulting DoS condition.

In its security alert, F5 tracks the flaw as CVE-2020-27716 and rates it High severity (CVSS 7.5). It affects the 14.x and 15.x release branches (specifically the 14.1.x and 15.1.x lines). Fixed releases for both branches are available, and administrators are advised to install them as soon as possible; until then, limiting which sources can reach the APM virtual server reduces exposure.
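The first thing a practitioner wants after reading an advisory like this is a quick way to tell whether a given BIG-IP is in scope. The script below is an added example, not code from the article, from Positive Technologies or from F5. It parses the version line out of `tmsh show sys version` output (the sample output is constructed here) and compares it against affected ranges. Those ranges, and the first fixed builds, are an assumption taken from the 14.1.x / 15.1.x description above and must be confirmed against F5's advisory for CVE-2020-27716 before you rely on them.

```python
"""Triage helper: is this BIG-IP version in the CVE-2020-27716 affected range?

Added example, not from the article or from F5. AFFECTED_RANGES is an
ASSUMPTION (14.1.0 up to but not including 14.1.3.1, and 15.1.0 up to but
not including 15.1.2); verify it against F5's advisory before use.
"""
from __future__ import annotations

import re

# (first vulnerable version, first fixed version) per branch. Tuples compare
# element-wise, so (14, 1, 3) < (14, 1, 3, 1) works as a version comparison.
# ASSUMED ranges: confirm against the F5 advisory for CVE-2020-27716.
AFFECTED_RANGES = [
    ((14, 1, 0), (14, 1, 3, 1)),
    ((15, 1, 0), (15, 1, 2)),
]

# Constructed sample of `tmsh show sys version` output (not a real capture).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.0.4
  Build       0.0.10
  Edition     Point Release 4
  Date        Tue Jun 30 11:21:39 PDT 2020
"""


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '15.1.0.4' into (15, 1, 0, 4); tolerates a leading 'BIG-IP '."""
    text = version.strip()
    if text.upper().startswith("BIG-IP"):
        text = text[len("BIG-IP"):].strip()
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError as exc:
        raise ValueError(f"unparseable BIG-IP version: {version!r}") from exc


def version_from_tmsh(output: str) -> str:
    """Extract the Version field from `tmsh show sys version` text."""
    match = re.search(r"^\s*Version\s+(\S+)", output, re.MULTILINE)
    if not match:
        raise ValueError("no Version line found in tmsh output")
    return match.group(1)


def is_affected(version: str) -> bool:
    """True if the version falls inside any assumed vulnerable range."""
    parsed = parse_version(version)
    return any(low <= parsed < fixed for low, fixed in AFFECTED_RANGES)


def triage(tmsh_output: str) -> dict[str, object]:
    """Combine parsing and range check into one result for reporting."""
    version = version_from_tmsh(tmsh_output)
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    result = triage(SAMPLE_TMSH_OUTPUT)
    state = "AFFECTED (assumed ranges)" if result["affected"] else "not in range"
    print(f"BIG-IP {result['version']}: {state}")
```

Because the comparison is done on integer tuples rather than strings, point releases such as 14.1.3.1 sort correctly after 14.1.3, which a naive string comparison would get wrong. Keep the range table in one place and update it from the vendor advisory rather than hard-coding it in several scripts.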

This is not the only such flaw found recently. A few months earlier, Positive Technologies reported a critical BIG-IP vulnerability (CVE-2020-5902, a remote code execution flaw in the Traffic Management User Interface) that was exploited in the wild shortly after disclosure, including, according to public reports, by state-sponsored groups linked to China and Russia.