Original URL: http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/
Exploit posted for vulnerable F5 kit
Metasploit code on Github gives remote access to BigIP
Posted in Security, 13th June 2012 00:30 GMT
Watch Now : Virtual Machine Movement with Hyper-V
A vulnerability in F5 kit first announced in February may be in the wild, with code posted to Github purporting to be an exploit.
The original advisory [1] stated that vulnerable installations of F5’s BigIP and other systems allowed an attacker to log in as root, because the vulnerability exposed the device’s SSH private key. F5 responded [2] earlier this month.
Since it’s only seven days since F5 issued its advisory – and the patch – it’s likely that unpatched systems still exist.
F5 describes the issue as “A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.”
Today, exploit code has been posted [3] to Github. That code purports to gain remote access to some of the affected F5 systems – its BigIP devices.
The vulnerability can be addressed either by users upgrading to a non-vulnerable version, or reconfiguring SSH access (instructions are provided at the F5 link).
The Register has sought comment from F5. ®