What Do I Need to Know About CVE-2020-5902; the F5 Networks BigIP RCE Vulnerability

Video Link: https://www.youtube.com/watch?v=NmZFwE537Zg



Duration: 43:04


On June 30th, 2020, just ahead of the long holiday weekend in the US, F5 Networks set the stage for fireworks of a different kind. F5 released an update for its BigIP product line, fixing an unauthenticated remote code execution vulnerability discovered by Positive Technologies.

Just like that, the news was out, and around July 4th, exploits started to show up taking advantage of this vulnerability. Of significance, this vulnerability has a perfect 10 for its Common Vulnerability Scoring System (CVSS) score.

The issues are less of an emergency for users who properly isolate the management plane of their BigIP devices, but according to some estimates, there are still thousands of unprotected, unpatched devices available. The SANS Internet Storm Center began observing active scanning to try to find these vulnerable devices over the weekend, and it’s important for security teams to take immediate action to protect their organizations from threats.

In this webcast, we will discuss the F5 BigIP RCE vulnerability, exploit attempts seen in the wild, and what actions to take now to best protect your network.

Speaker Bio
Dr. Johannes Ullrich
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.

SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.



