HC3 Analyst Note TLP White: Critical Vulnerability in F5 Network Management/Security (BIG-IP) Tools
The information technology vendor, F5, disclosed a significant vulnerability in their BIG-IP suite of tools which, when exploited, allows for remote code execution ultimately leading to complete compromise of the host and the potential for further compromise of the network which it sits on. These technologies are used for network/traffic management and security and are intended to support the delivery of business-critical applications. The healthcare industry is believed to operate a number of BIG-IP servers. F5 has released software updates which include fixes for this vulnerability and HC3 recommends immediate implementation of these upgrades. By updating a system, this vulnerability becomes fully patched and no longer presents an opportunity for compromise.