The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today published a warning confirming the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.

CISA’s alert also provides additional mitigations and detection measures to help victims find out if their systems may have been compromised and recover after attacks that successfully exploited unpatched F5 devices.

Two orgs compromised after CVE-2020-5902 exploitation

According to F5’s security advisory, any remaining unpatched devices are probably already compromised during attacks that started just a few days after the company disclosed the security flaw.

“CISA has observed scanning and