Security experts and the U.S. Cyber Command are urging admins to patch a critical flaw in F5 Networks devices that is under active attack.

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks’ networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more.

Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw (CVE-2020-5902), which has a CVSS score of 10 out of 10. The flaw exists in the configuration interface of the company’s BIG-IP app delivery controllers, which are used for various networking functions, including app-security management and load-balancing. Although a patch is available, Shodan shows almost 8,500 vulnerable devices are still exposed on the internet.

Not long after the flaw was disclosed, public exploits were made available for it, leading to mass scanning for vulnerable devices by attackers and ultimately to active exploitation. Researchers warn that they’ve seen attackers targeting the flaw over the weekend for various malicious activities, including launching the Mirai variant DvrHelper, deploying cryptocurrency mining malware and scraping credentials “in an automated fashion.”

Rich Warren, principal security consultant for NCC Group, said Monday on Twitter that “as of this morning we are seeing an uptick in RCE attempts against our honeypots, using a combination of either the public Metasploit module, or similar via Python.”

Admins Urged to Patch Critical F5 Flaw Under Active Attack