Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

Apr

Data Connectors St. Louis

May

Milwaukee Cybersecurity Summit

May

RSA Conference

May

Secure360 Conference

Jun

Dallas Technology Summit

View Calendar →

LATEST PRESS RELEASE

Apr 03, 2024

Global Cybersecurity Solutions Provider, eSentire, Launches a New Technology Innovation Center in India

Bengaluru, India – April 4, 2024 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), announced today the opening of its new Technology Innovation Center in India, under the legal entity eSentire India Private Limited. The Innovation Center will extend eSentire’s global…

View Newsroom →

Partners

PARTNER PROGRAM

We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.

LEARN MORE →

Apply to become an e3 ecosystem partner with eSentire today.

APPLY NOW →

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT:

Proof-of-Concept (PoC) code was publicly released on July 5th for a vulnerability affecting F5 BIG-IP (CVE-2020-5902). The vulnerability was publicly disclosed by F5 last week but has become more critical due to recent public exploitation. If exploited, CVE-2020-5902 allows for Remote Code Execution (RCE) at the admin level. This level of access could be used to deploy malware or perform a wide variety of other malicious actions. Organizations making use of F5 BIG-IP are highly recommended to apply the official security patches as soon as possible.

What we’re doing about it

Known malicious IP addresses have been added to the eSentire Blacklist
MVS (formerly esRECON) has a local plugin to identify vulnerable devices
- Contact your eSentire representative to ensure configuration requirements are met
eSentire security teams continue to track this topic for additional details and detection opportunities

What you should do about it

After performing a business impact review, apply the official security patches provided by F5
If patches cannot be applied, review and apply the temporary mitigations from F5 [2][3][4]
Review network configuration of the BIG-IP device to ensure the TMUI is not internet facing

Additional information

The vulnerability resides in an undisclosed page in the Traffic Management User Interface (TMUI), also known as the Configuration Utility. Attacks in the wild have reportedly exploited the vulnerability to deploy cryptocurrency miners [1]. A major concern is that threat actor groups will exploit this vulnerability to distribute threats with a higher impact, such as ransomware.

The BIG-IP Traffic Management User Interface should not be exposed to the internet. Properly configuring the application will minimize the likelihood of a successful attack. Publicly exposed versions of BIG-IP are still common; searches via the IoT search engine Shodan, show that over 8,000 instances are exposed at the time of writing.

Vulnerable versions of BIG-IP

11.6.x
12.1.x
13.1.x
14.1.x
15.0.x
15.1.x

References:

[1] https://twitter.com/buffaloverflow/status/1279384540847489024

[2] https://support.f5.com/csp/article/K52145254#all

[3] https://support.f5.com/csp/article/K52145254#self

[4] https://support.f5.com/csp/article/K52145254#mgmt

ESENTIRE SERVICES

Managed Detection and Response

Digital Forensics and Incident Response

Exposure Management Services

ESENTIRE PLATFORM AND PEOPLE

Extended Detection and Response (XDR)

Security Operations Center (SOC)

Threat Response Unit (TRU)

Cyber Resilience Team

eSentire MDR for Microsoft

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

24/7 MDR SIGNALS

Network

Endpoint

Log

Cloud

Insider Threat

MDR Pricing

From The Blog

Building an Effective Threat Hunting Program for Proactive Cyber Defense

Don't Take the Bait: The XWorm Tax Scam

SolarMarker's Shift to PyInstaller Tactics

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Blogs

Security Advisories

SECURITY ADVISORIES

Update: Zero-Day Vulnerability Impacts Palo Alto (CVE-2024-3400)

Zero-Day Vulnerability Impacts Palo Alto (CVE-2024-3400)

ABOUT ESENTIRE

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

Data Connectors St. Louis

Milwaukee Cybersecurity Summit

RSA Conference

Secure360 Conference

Dallas Technology Summit

LATEST PRESS RELEASE

Global Cybersecurity Solutions Provider, eSentire, Launches a New Technology Innovation Center in India

PARTNER PROGRAM

Search our site

Quick Links

Multi-Signal Managed Detection and Response

24/7 Global Security Operations Centers

eSentire MDR Pricing

Cybersecurity Tools

TRU Intelligence Center

Case Studies and Customer Testimonials

Get Started →

The Proven Choice for
Managed Detection and Response

Sales and
Customer Support