HC3 Analyst Note TLP White: Critical Vulnerability in F5 Network Management/Security (BIG-IP) Tools

The information technology vendor, F5, disclosed a significant vulnerability in their BIG-IP suite of tools which, when exploited, allows for remote code execution ultimately leading to complete compromise of the host and the potential for further compromise of the network which it sits on. These technologies are used for network/traffic management and security and are intended to support the delivery of business-critical applications. The healthcare industry is believed to operate a number of BIG-IP servers. F5 has released software updates which include fixes for this vulnerability and HC3 recommends immediate implementation of these upgrades. By updating a system, this vulnerability becomes fully patched and no longer presents an opportunity for compromise.

Related Resources

Standards/Guidelines
Public
Agent Tesla is an established Remote Access Trojan (RAT) written in .Net. A successful deployment of Agent Tesla provides attackers with full computer or…
Webinar Recordings
Public
The U.S. Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) invites you to join its monthly cybersecurity…
Guides/Reports
Working from Home during COVID-19 Pandemic During the COVID-19 pandemic, many physicians are working from home, using their personal computers and mobile…
Guides/Reports
Public
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR 04/03/2020 04:45 PM EDT Original release date: April 3, 2020 Mozilla has released security…
Special Bulletin
Public
A recent campaign of cyberattacks from a foreign threat actor targeted healthcare organizations and specifically exploited Citrix and Zoho technologies used…
Advisory
Public
The Centers for Medicare & Medicaid Services will prioritize and conduct only certain surveys during the COVID-19 national emergency’s three-week…