The fallout from a critical (CVSS 10) security flaw in F5 Networks’ BIG-IP tool continues, after security firm CRITICALSTART revealed that the mitigation could be bypassed and an NCC Group honeypot showed the bypass being exploited in the wild.
UK-based security firm NCC Group has been tracking the incident closely and says that approximately 6,000 internet-exposed F5 devices are now potentially vulnerable again.
F5 Networks Mitigation Bypass: New Version Below
F5 Networks has updated its guidance, saying:
“The earlier version of the mitigation, which used <LocationMatch