Jonathan Chua, application security consultant at app security provider nVisium, noted that F5 Big IP has been targeted by security researchers and adversaries due to the product’s vulnerable, external nature. “Several F5 application services can be hosted externally, allowing any internet user to attempt to connect to the service,” he told Threatpost on Thursday. “Due to the ease of accessibility and the amount of publicly known vulnerabilities associated with F5 applications, the service becomes a prime target for adversaries to break into a company’s network via the external perimeter.”
He pointed to the F5 Traffic Management User Interface (TMUI), which is being actively exploited, as one example. The service is often available on a company’s external perimeter and contains a critical RCE vulnerability, he noted. “As a result, if the service is exploited, such service may provide external attackers an initial foothold in a company’s internal network,” Chua said in an email.