Hackers are exploiting popular networking gear used in most Fortune 50 companies

Cal Jeffrey

Posts: 3,494   +1,040
Staff member
Why it matters: Hackers are using an empty password exploit to gain root control over entire networks. Thousands of devices have already been hit. If you are an admin using F5's BIG-IP devices, get them updated as soon as possible.

Security researchers discovered a severe vulnerability in sensitive networking gear used by most of the top Fortune 50 companies. The flaw, CVE-2022-1388, has a severity rating of 9.8 out of 10. It warrants the high ranking because hackers are already exploiting the weakness, which allows them to execute root commands without even entering a password, giving them complete control of the network.

The vulnerability resides in F5's BIG-IP line of networking gear. Companies use this equipment for load balancing, firewalls, and data encryption. It is particularly concerning since BIG-IP is often used on network edges to manage traffic and can see the decrypted data from HTTPS-protected sites. Security firm Randori notes that researchers have recorded over 16,000 instances of the exploit using Shodan.

Apparently, the devices have an authentication code, YWRtaW46, that some thought was a hard-coded password. However, vulnerability analyst Will Dormann points out that YWRtaW46 is just the word "admin:" in Base64 format --a default authentication for many internet-capable devices.

Many security professionals were stunned at this gaping hole.

Fortunately, F5 issued a fix on May 4 to plug the hole, but several companies are likely still scrambling to get all of their equipment updated. The firm says that the exploit involved a flawed implementation of the iControl REST --a set of web-based configuration and management interfaces for BIG-IP devices. It highly advised businesses to evaluate their equipment for this vulnerability and provided a chart of affected devices.

Randori posted a bash script that admins can run to check for vulnerabilities. It also has other mitigation suggestions to use while updating the network's hardware.

Permalink to story.

 

Vanderlinde

Posts: 141   +101
There are so many home routers hooked up to the internet and set to wide open, without recieving years of security updates let alone how one knows how to even update it's firmware, participating into a botnet. There should be something that if a company releases any device, security updates have to be mandatory for the next 10 years. Or simply dont sell hardware if thats not your concern.
 

Plutoisaplanet

Posts: 694   +1,089
My employer uses F5 devices and patched these the day the fix came out, on May 4. Anyone still patching these devices is incompetent and should probably be let go.
 

Uncle Al

Posts: 8,759   +7,671
Corporations, despite all their claims about being and staying on the cutting edge, tend to be far behind the rest of the world. When it comes to IT too many of them are going the cheaper road only to discover the hard way that all that is saved is quickly lost to a hacker .....
 

BigRedPDX

Posts: 271   +191
I worked for one of those companies that had BIG-IP equipment. Hope they get it updated in time. Glad my tiny network infrastructure at my current job is outside of this mayhem.
 

bviktor

Posts: 847   +1,264
My employer uses F5 devices and patched these the day the fix came out, on May 4. Anyone still patching these devices is incompetent and should probably be let go.
Most companies don't do any regular patching. At all.

ISO 27001 requires you to patch - at pre-defined intervals that you decide on.

It's really a miracle that we still have a working infrastructure with the way things are.