A new critical remote code execution vulnerability (CVE-2020-5902) was found in the configuration interface of F5 BIG-IP devices.
This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP management port and/or self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise (Source: F5 Networks).
F5 recommends upgrading the BIG-IP devices to a version that is not vulnerable to CVE-2020-5902. However, upgrades may result in downtime or may require configuration adjustments. The workaround suggested by F5 is to modify the httpd service configuration.
Mitigating the vulnerability by using Cyberm8 Automation Platform
By using Cyberm8 Automation Platform, you can configure a task to scan your F5 devices for the vulnerability and patch the httpd service of the vulnerable BIG-IP devices automatically.
Once you input the list of the F5 BIG-IP devices in your network (or in one of the public clouds), Cyberm8 Automation Platform will connect to the devices, test them for the CVE-2020-5902 vulnerability, modify the httpd service, and provide a detailed report on which vulnerable devices were found and whether they were mitigated.
In addition to mitigating the vulnerability by running the task, you can have the system pull the list of your F5 devices from your network inventory management product, continuously test the newly added F5 devices for CVE-2020-5902 and mitigate the vulnerability automatically (or optionally – by using one of the “approval” procedures built into the automation platform).
The Cyberm8 team will be happy to assist with the task configuration.
Contact us to hear more about our automation scenarios and schedule a demo.