top of page
Writer's pictureotw

Finding the F5 Systems Vulnerable to CVE-2020-5902 using Shodan

Updated: Dec 30, 2022

Welcome back, my aspiring cyberwarriors!


On July 4, 2020 (US Independence Day), F5 released a security patch for their BIG-IP systems that allows the attacker to take control of the affected systems. This vulnerability is rated a 10/10 in severity and assigned CVE-2020-5902. This vulnerability is so severe that an attacker with even rudimentary skills can;


to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.


Presently, there are thousands of these unpatched systems around the world. Let's see if we can find a few using Shodan.


Step #1: Go to Shodan.io and Login


Login to shodan.io.


Step #2: Search for Vulnerable Systems


Next, enter the following search in the Shodan search window;


http.title:BIG-IP&re:-Redirect





As you can see above, there are presently 8400 systems around the world vulnerable to CVE-2020-5902. Over 3300 are in the US and 1300 in China.


Summary


This vulnerability is widespread and extraordinarily severe, enabling the attacker to take control of the system with a minimum of skills. As attackers are already beginning to compromise these systems in the wild, it is imperative that if one of these 8400 systems is yours that you patch it immediately!




6,437 views
bottom of page