Artificial Intelligence | News | Insights | AiThority
Positive Technologies Helps Eliminate DoS Vulnerability in F5 Big-IP Application Delivery Controller

F5 has fixed a vulnerability in the configuration interface of the popular BIG-IP application delivery controller. The bug, discovered by Positive Technologies expert Nikita Abramov, affected a product that is used by some of the world’s leading companies, and would allow remote attackers to cause a denial of service on the controller.

Vulnerability CVE-2020-27716 received a CVSS score of 7.5, reflecting a high degree of danger. 

Nikita Abramov, a researcher at Positive Technologies, explains: “Vulnerabilities like this one are quite commonly found in code. They can occur for different reasons, for example unconsciously neglected by developers or due to insufficient additional checks being carried out. I discovered this vulnerability during binary analysis. Flaws like this one can be detected using non-standard requests and by analyzing logic and logical inconsistencies. This attack did not require any tools: an attacker could just send a simple HTTP request to the server where the BIG-IP configuration utility is located, and that would be enough to block access to the controller for a while (until it automatically restarts).”

In July 2020, F5 fixed vulnerability CVE-2020-5902, which was discovered by Mikhail Klyuchnikov. That vulnerability received a CVSS score of 10, indicating the highest degree of danger. By exploiting this flaw, an attacker could potentially execute commands impersonating an unauthorized user, which would then completely compromise the system. For example, an attacker could use this to intercept the traffic of web resources managed by the controller.
