Security flaw could turn load balancers into beachheads for cyber attacks - Help Net Security

Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product.



Adversaries can exploit these insecurely configured load balancers to penetrate networks and perform a wide variety of attacks against organizations or against individuals using web services managed by a compromised device.


Exploitation potential


The security issue is present in the Tcl programming language that BIG-IP’s iRules (i.e., Tcl scripts) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script.


Adversaries that successfully exploit such insecurely configured iRules can use the compromised BIG-IP device as a beachhead to l ..
