What Do I Need to Know About CVE-2020-5902, the F5 Networks BigIP RCE Vulnerability

  • Webcast Aired Tuesday, 07 Jul 2020 1:00PM EDT (07 Jul 2020 17:00 UTC)
  • Speaker: Dr. Johannes Ullrich

Last Tuesday, June 30th, just ahead of the long holiday weekend in the US, F5 Networks set the stage for fireworks of a different kind. F5 released an update for its BigIP product line, fixing an unauthenticated remote code execution vulnerability discovered by Positive Technologies.

Just like that, the news was out, and around July 4th, exploits taking advantage of this vulnerability started to show up. Of significance, this vulnerability has a perfect 10 for its Common Vulnerability Scoring System (CVSS) score.

The issues are less of an emergency for users who properly isolate the management plane of their BigIP devices, but according to some estimates, there are still thousands of unprotected, unpatched devices available. Over the weekend, the SANS Internet Storm Center began observing active scanning for these vulnerable devices, and it’s important for security teams to take immediate action to protect their organizations from threats.

In this webcast, we will discuss the F5 BigIP RCE vulnerability, exploit attempts seen in the wild, and what actions to take now to best protect your network.