Spies for hire: Chinese spies capitalised on several critical-severity flaws in F5 and ConnectWise equipment to market access to infiltrated US defence.
An anonymous reader shared this report from The Register:
Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised U.S. defense organizations, UK government agencies, and hundreds of other entities, according to Mandi.
Chinese snoops exploit F5, ConnectWise bugs to sell access (theregister.com)
Remote code execution, denial of service, API abuse possible. Meanwhile, FBI pegs China for Exchange hacks
Security and automation vendor F5 has warned of seven patch-ASAP-grade vulnerabilities in its Big-IP network security and traffic-grooming products, plus another 14 vulns worth fixing.
An advisory dated today lists seven CVEs, four rated critical.
Most of the bugs concern TMUI – the Traffic Management User Interface that users work with to drive F5 products – and they can be exploited to achieve remote code execution, denial of service attacks, or complete device takeovers; sometimes all three. The iControl REST API that F5 offers to automate its products is also problematic.