5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
Summary
A previously disclosed denial-of-service vulnerability in F5 BIG-IP Access Policy Manager (APM) has been reclassified as a critical pre-authentication remote code execution flaw. Initially rated with a CVSS score of 7.5, it is now rated 9.8 and is being actively exploited in the wild to deploy root-privileged malware. F5 has released patches for affected versions, and CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.
IFF Assessment
This is bad news for defenders: a flaw first disclosed as a denial-of-service issue is now a critical remote code execution vulnerability, and it is already being actively exploited to deploy malware.
Severity
The CVSS score of 9.8 reflects a critical vulnerability that allows remote code execution without authentication, making it highly impactful.
Defender Context
Defenders need to prioritize patching their F5 BIG-IP APM instances immediately and investigate for signs of compromise. The active exploitation of this flaw and its reclassification as a critical RCE vulnerability mean that attackers are already leveraging it to gain unauthorized access and deploy persistent malware.