Hackers are exploiting popular networking gear used in most Fortune 50 companies

Why it matters: Hackers are using an empty password exploit to gain root control over entire networks. Thousands of devices have already been hit. If you are an admin using F5’s BIG-IP devices, get them updated as soon as possible.

Security researchers discovered a severe vulnerability in sensitive networking gear used by most of the top Fortune 50 companies. The flaw, CVE-2022-1388, has a severity rating of 9.8 out of 10. It warrants the high ranking because hackers are already exploiting the weakness, which allows them to execute root commands without even entering a password, giving them complete control of the network.

The vulnerability resides in F5’s BIG-IP line of networking gear. Companies use this equipment for load balancing, firewalls, and data encryption. It is particularly concerning since BIG-IP is often used on network edges to manage traffic and can see the decrypted data from HTTPS-protected sites. Security firm Randori notes that researchers have recorded over 16,000 instances of the exploit using Shodan.

Apparently, the devices have an authentication code, YWRtaW46, that some thought was a hard-coded password. However, vulnerability analyst Will Dormann points out that YWRtaW46 is just the word “admin:” in Base64 format, a common default credential on many internet-capable devices.
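The point Dormann makes is that YWRtaW46 carries no secret at all: it is the HTTP Basic credential “admin:” with an empty password. The script below is an added example written for this article (it is not code from F5, Randori, or the article's author) showing how a defender can decode the Basic credential recorded in a reverse-proxy or WAF log and flag requests that authenticate with an empty password. The log format, the client addresses, and the `/mgmt/EXAMPLE-ENDPOINT` path are constructed placeholders, not F5 log output or a real BIG-IP URL.

```python
import base64
import binascii
import re

# Constructed sample log lines (placeholder format, not F5 or BIG-IP output).
# The last field records the client's Authorization header, or "-" if absent.
SAMPLE_LOG = """\
198.51.100.7 - [05/May/2022:10:01:12 +0000] "POST /mgmt/EXAMPLE-ENDPOINT HTTP/1.1" 200 auth="Basic YWRtaW46"
198.51.100.9 - [05/May/2022:10:01:15 +0000] "GET /mgmt/EXAMPLE-ENDPOINT HTTP/1.1" 401 auth="Basic YWRtaW46aHVudGVyMg=="
203.0.113.4 - [05/May/2022:10:02:01 +0000] "GET /index.html HTTP/1.1" 200 auth="-"
203.0.113.5 - [05/May/2022:10:02:09 +0000] "POST /mgmt/EXAMPLE-ENDPOINT HTTP/1.1" 200 auth="Basic !!notbase64!!"
"""

# Regex for the constructed log format above.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) auth="(?P<auth>[^"]*)"$'
)


def decode_basic(auth_value):
    """Return (username, password) for an HTTP Basic credential such as
    'Basic YWRtaW46', or None if the value is not a well-formed Basic credential."""
    scheme, _, token = auth_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects stray characters instead of silently skipping them
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    if ":" not in text:
        return None
    user, _, password = text.partition(":")
    return user, password


def scan_log(log_text):
    """Return one finding per request whose Basic credential has an empty password.
    Any such credential reaching a management interface is worth an alert,
    whatever the username; 'admin:' (YWRtaW46) is the case from the article."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        creds = decode_basic(m["auth"])
        if creds is None:
            continue
        user, password = creds
        if password == "":
            findings.append(
                {"ip": m["ip"], "user": user, "request": m["req"], "status": m["status"]}
            )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"empty-password Basic auth from {f['ip']} as '{f['user']}': "
              f"{f['request']} -> {f['status']}")
```

Run against the constructed sample, only the first line is reported: its credential decodes to user “admin” with an empty password, while the second line carries a real (if weak) password, the third has no credential, and the fourth is rejected as malformed Base64 rather than silently decoded. In practice the same check belongs on whatever log source actually sees the management interface traffic, and a 200 response on such a request is the line to escalate.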

Many security professionals were stunned at this gaping hole.

Fortunately, F5 issued a fix on May 4 to plug the hole, but several companies are likely still scrambling to get all of their equipment updated. The firm says that the exploit involved a flawed implementation of iControl REST, a set of web-based configuration and management interfaces for BIG-IP devices. F5 strongly advised businesses to evaluate their equipment for this vulnerability and provided a chart of affected devices.

Randori posted a bash script that admins can run to check for vulnerabilities. It also has other mitigation suggestions to use while updating the network’s hardware.
