By otw

Finding the F5 Systems Vulnerable to CVE-2020-5902 using Shodan

Updated: Dec 30, 2022

Welcome back, my aspiring cyberwarriors!


Just before the July 4, 2020 (US Independence Day) holiday weekend, F5 released a security patch for a vulnerability in the Traffic Management User Interface (TMUI, also called the Configuration utility) of their BIG-IP systems that allows an attacker to take control of affected systems. The vulnerability carries the maximum CVSS severity score of 10.0 and is assigned CVE-2020-5902. It is so severe that an attacker with even rudimentary skills and no credentials at all, given network access to the TMUI through the management port and/or a Self IP, can execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. Only the control plane (the management interface) is affected; traffic passing through the data plane is not exposed to this issue.


Presently, there are thousands of these unpatched systems around the world. Let's see if we can find a few using Shodan.


Step #1: Go to Shodan.io and Login


Login to shodan.io.


Step #2: Search for Vulnerable Systems


Next, enter the following search in the Shodan search window. It matches the HTML title of the BIG-IP TMUI (Configuration utility) login page, which is literally BIG-IP&reg;-Redirect; the &reg; HTML entity is part of the indexed title, so keep the quotes so that Shodan matches the whole phrase:


http.title:"BIG-IP&reg;-Redirect"





At the time of writing, this search returned roughly 8,400 systems around the world exposing the BIG-IP TMUI login page to the internet, over 3,300 of them in the US and 1,300 in China. Be clear about what Shodan is actually matching: the title of the login page. The banner does not reveal the BIG-IP version, so Shodan cannot tell you whether a given host has been patched. Treat these hits as systems that are exposed and need their version checked against F5's advisory (K52145254), not as confirmed vulnerable hosts. Conversely, BIG-IP systems whose management interface is not reachable from the internet will not appear here at all.
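As an added example (not part of the original post, and not F5's or Shodan's own code), here is a small Python script that builds the same search, tallies the hits by country the way the Shodan results page does, and checks a BIG-IP version string against the fixed releases. It assumes the shodan PyPI package and an API key in the SHODAN_API_KEY environment variable for the live count only; the sample banners are constructed, and the fixed-version table is taken from F5 advisory K52145254, so verify it against the advisory before relying on it.

```python
"""Added example for this article (not the author's code): build the Shodan
query for exposed BIG-IP TMUI login pages, tally hits by country, and check a
BIG-IP version string against the fixed releases for CVE-2020-5902.

Assumptions: the live query uses the 'shodan' PyPI package and an API key in
the SHODAN_API_KEY environment variable; the fixed-version table is taken from
F5 advisory K52145254 and should be verified against the advisory before use.
SAMPLE_BANNERS below is constructed, not real Shodan output.
"""
import json
import os
from collections import Counter
from typing import Optional

# The indexed HTML title of the TMUI login page is literally "BIG-IP&reg;-Redirect";
# the quotes make Shodan match the whole phrase, entity included.
TITLE = "BIG-IP&reg;-Redirect"
QUERY = f'http.title:"{TITLE}"'

# First fixed build per affected branch, as listed in F5 K52145254 (verify!).
# Branches not listed (older, out-of-support branches, or branches released
# after the fix) are not in the advisory's table and need a manual check.
FIXED_RELEASES = {
    (11, 6): (11, 6, 5, 2),
    (12, 1): (12, 1, 5, 2),
    (13, 1): (13, 1, 3, 4),
    (14, 1): (14, 1, 2, 6),
    (15, 0): (15, 0, 1, 4),
    (15, 1): (15, 1, 0, 4),
}


def parse_version(version: str) -> tuple:
    """'15.1.0.4' -> (15, 1, 0, 4); tuples compare component-wise."""
    return tuple(int(p) for p in version.strip().split("."))


def is_patched(version: str) -> Optional[bool]:
    """True if the release is at or above the fixed build for its branch,
    False if it is an affected branch below the fixed build, None if the
    branch is not in the advisory's table (check it manually)."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed


def summarize_banners(lines) -> tuple:
    """Parse Shodan JSON-lines banners (the layout written by `shodan download`),
    keep only hosts whose HTTP title is the TMUI login page, and tally them by
    country. Returns (hosts, per_country_counter)."""
    hosts = []
    for line in lines:
        if not line.strip():
            continue
        banner = json.loads(line)
        title = (banner.get("http") or {}).get("title") or ""
        if TITLE not in title:
            continue  # some other web server that was in the same export
        hosts.append({
            "ip": banner.get("ip_str"),
            "port": banner.get("port"),
            "country": (banner.get("location") or {}).get("country_code", "??"),
        })
    return hosts, Counter(h["country"] for h in hosts)


def live_country_counts(query: str = QUERY, top: int = 10) -> dict:
    """Ask Shodan for the total and a per-country breakdown without downloading
    results (Shodan.count() with facets does not consume query credits).
    Needs network access and SHODAN_API_KEY; not exercised offline."""
    import shodan  # pip install shodan; imported lazily so the rest runs offline
    api = shodan.Shodan(os.environ["SHODAN_API_KEY"])
    result = api.count(query, facets=[("country", top)])
    return {"total": result["total"],
            "by_country": {f["value"]: f["count"] for f in result["facets"]["country"]}}


# Constructed sample in Shodan's banner layout (documentation IP ranges, not real hosts).
SAMPLE_BANNERS = [
    json.dumps({"ip_str": "203.0.113.10", "port": 443,
                "http": {"title": TITLE}, "location": {"country_code": "US"}}),
    json.dumps({"ip_str": "203.0.113.11", "port": 8443,
                "http": {"title": TITLE}, "location": {"country_code": "US"}}),
    json.dumps({"ip_str": "198.51.100.5", "port": 443,
                "http": {"title": TITLE}, "location": {"country_code": "CN"}}),
    json.dumps({"ip_str": "192.0.2.7", "port": 443,
                "http": {"title": "Welcome to nginx!"}, "location": {"country_code": "DE"}}),
]

if __name__ == "__main__":
    print("Shodan query:", QUERY)
    hosts, by_country = summarize_banners(SAMPLE_BANNERS)
    print(f"{len(hosts)} exposed TMUI login pages in sample; by country: {dict(by_country)}")
    for ver in ("15.1.0", "15.1.0.4", "14.1.2.6", "13.1.3.3", "16.0.0"):
        print(f"  BIG-IP {ver}: patched={is_patched(ver)}")
```

Run it directly to see the tally on the constructed sample, or call live_country_counts() with a real API key to reproduce the per-country totals from the Shodan page. The version check is deliberately separate from the Shodan part: the banner never reveals the BIG-IP version, so the input to is_patched() has to come from the device itself (for example, tmsh show sys version on a box you administer), not from the search results.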


Summary


This vulnerability is widespread and extraordinarily severe, enabling an attacker with a minimum of skills to take full control of the system. Attackers began exploiting it in the wild within days of the advisory, so if one of those roughly 8,400 exposed systems is yours, patch it immediately to a fixed release listed in F5's advisory (K52145254), and, whatever its patch status, make sure the TMUI management interface is not reachable from the internet.



