ISC StormCast for Monday, July 6th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 6 July 2020
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, July 7, 2020 edition of the Sands and Internet Storm Center's |
| 0:06.5 | Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida. |
| 0:13.7 | Last week, an interesting F5, Big IP, warnably hit the news, and over the the weekend we have started to see active scanning |
| 0:24.4 | to try to find vulnerable devices. The patch was released by F5 on June 30th. It's for CVE |
| 0:34.6 | 2020-202 and well the reason you should pay attention is that this vulnerability has a perfect 10 for its CVSS score. |
| 0:46.3 | Now, there are a couple of dependencies here for this vulnerability. |
| 0:51.3 | First of all, the traffic management user interface TMUI has to be installed |
| 0:57.2 | and has to be exposed. You don't have to expose it to the public. This is a management feature |
| 1:04.3 | and should only be available via the management plane, but then we know there are plenty of people who don't configure |
| 1:13.6 | these devices correctly and don't restrict access to the management interface. |
| 1:19.6 | And apparently, yes, there are a few thousand of them still not patched out on the Internet. |
| 1:26.6 | Now all of this got a little bit more prominence on July 2nd, so that was Thursday last week, |
| 1:34.6 | when Positive Technologies, the company that discovered this vulnerability, did release a brief blog post, |
| 1:43.0 | basically just announcing that they found this remote code execution |
| 1:48.0 | issue in F5's big IP product. As far as the impact goes, this vulnerability is pretty much as important as the |
| 1:58.0 | Citrix vulnerability over New Year's. However, with the Citrix vulnerability, |
| 2:04.2 | it was a little bit more complex to protect yourself. You couldn't just sort of isolate the management |
| 2:11.5 | plane in that particular case, even though that in some cases helped as well. Currently, there are plenty of tools out |
| 2:20.0 | there to detect if a device is vulnerable and these are the tools that are currently being used. |
| 2:27.0 | As one of the indicators of an exploit attempt, the URL will contain two dots followed by a semicolon. |
| 2:35.4 | So one of those directory traversal code injection type patterns that you would see as part of the attack. |
| 2:43.0 | And if you would like to scan your own network, well, there is a plugin available for NMAP. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.