Hi Nikhil,
While CVE-2020-5902 is blocked by Imperva, please review your setup:
- Does the site have IRA blocked in the WAF settings?
- Is the Origin open to the Internet? If not, add only the Imperva IP to reach the Origin.
- Is the F5 before the FW, or was the self or TMUI port open to the Internet?
From their KB:
https://support.f5.com/csp/article/K52145254
Important: If your BIG-IP system has TMUI exposed to the Internet and it does not have a patched version of software installed, there is a high probability that it has been compromised and you should follow your internal incident response procedures. Please see the Indications of compromise section below.
Note: Authenticated users accessing the Configuration utility will always be able to exploit this vulnerability until a fixed release is installed.
Review the SIEM for /tmui and check the response; it is best to reach out to F5 support for the latest update.
Thanks
Abhishek
------------------------------
Abhishek Gupta
Customer Success team
Imperva
------------------------------
Original Message:
Sent: 07-09-2020 03:01
From: Nikhil Chodankar
Subject: Is Incapsula providing protection against CVE-2020-5902
Hi Community Members,
I wanted to ask if Incapsula is providing off-the-shelf protection against CVE-2020-5902? Do I need to create any custom rules for this?
#CloudWAF(formerlyIncapsula)
------------------------------
Nikhil Chodankar
Prudential Services Asia
------------------------------
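
The reply's advice to review the SIEM for /tmui and check the response can be scripted as below. This is an added example, not part of the thread and not Imperva or F5 code. It assumes combined-log-format access lines exported from the SIEM and a hypothetical management network of 10.0.0.0/8; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: combined log format; adapt LOG_RE to your SIEM export.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: networks allowed to reach the management UI (hypothetical value).
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [06/Jul/2020:10:01:02 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
203.0.113.10 - - [06/Jul/2020:10:01:05 +0000] "GET /tmui/login.jsp HTTP/1.1" 403 199
198.51.100.7 - - [06/Jul/2020:10:02:00 +0000] "GET /TMUI/login.jsp HTTP/1.1" 403 199
10.0.0.5 - - [06/Jul/2020:10:03:00 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
198.51.100.7 - - [06/Jul/2020:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def review_tmui(lines, mgmt_nets=MGMT_NETS):
    """Group /tmui requests by client IP with a per-status count."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Normalise the path (decode, lower-case) before matching.
        path = unquote(urlsplit(m["target"]).path).lower()
        if path != "/tmui" and not path.startswith("/tmui/"):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname, not an address
        external = not any(ip in net for net in mgmt_nets)
        entry = hits.setdefault(
            m["ip"], {"external": external, "statuses": defaultdict(int)})
        entry["statuses"][int(m["status"])] += 1
    return hits

def needs_triage(hits):
    """External clients that received a 2xx/3xx answer, i.e. TMUI was reachable."""
    return sorted(ip for ip, e in hits.items()
                  if e["external"] and any(200 <= s < 400 for s in e["statuses"]))

if __name__ == "__main__":
    print(needs_triage(review_tmui(SAMPLE_LOG.splitlines())))
```

Any address returned by `needs_triage` means the management UI answered a client outside the management network, which is the exposure the F5 KB note treats as grounds for incident response.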