
Top Middle East Cyber Threat - 19 August 2019

Posted Monday, 19th August 2019

At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cyber security threat landscape and are among the first in the region to learn and act upon new threats.

In this blog, we share the top cyber security threat our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:

1) Big Flaw in BIG-IP Load Balancers

An F-Secure researcher recently discovered a security flaw in F5 Networks’ BIG-IP load balancer. The use of certain coding practices allows attackers to inject arbitrary Tool Command Language (Tcl) commands, which could be executed in the security context of the target Tcl script.

Attackers who successfully exploit this vulnerability could use the compromised load balancing device to launch more attacks, putting the target organization at risk of a data breach. As more than 300,000 organizations use BIG-IP, the scope of this attack is large.

Attack Description:

The security issue is present in the iRule feature, whose scripts are written in the Tool Command Language (Tcl).

A successful exploit can misuse the compromised BIG-IP device, allowing the attacker to use it as a beachhead to launch more attacks. This includes stealing data from the organization, intercepting and manipulating web traffic to expose sensitive information, and attacking individuals attempting to use services provided by the compromised BIG-IP device. Furthermore, attackers could cover their tracks and eliminate any evidence that an attack took place on the device by deleting logs that contain evidence of post-exploit activity.

To overcome this challenge, you can use either of the following methods to verify whether your device has been compromised by the attack:

Method 1:

  1. Generate the qkview and upload it to https://ihealth.f5.com.
  2. Under Diagnostics, for Importance select Critical, High, Medium and Low, and for Status select Issues Found and Pass.

If your device is not affected, the issue will be shown as passed.

Method 2:

The following command can be run on BIG-IP iHealth Diagnostic Tool:

# tmsh load sys config verify


/Common/irule_PROXY:26: warning: [use curly braces to avoid double substitution][[string length ${servername}]]

More details can be found in the following article: https://support.f5.com/csp/article/K57410758


Given below are a few recommendations to detect and defend against the iRule injection:

  • Create an inventory of active iRule scripts and establish a version control repository for each script and its dependencies.
  • Convert scripts to pure Tcl and run tclscan.tcl to identify easy-to-detect vulnerabilities (download the code at https://github.com/kugg/tclscan).
  • Run iruledetector.py in Burp Suite to test if any user action can lead to iRule injections.
  • Test the logic of iRule script.
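As a quick first pass over an iRule inventory, the following added example (not part of the original post, and not the code of tclscan or of F5's tooling) flags the pattern behind the "use curly braces to avoid double substitution" warning shown above: an expr, if, elseif or while expression that is not wrapped in braces. It is a line-based heuristic; the function name and the sample iRule are constructed for illustration.

```python
import re

# Tcl commands whose first argument is evaluated as an expression, so an
# unbraced argument is substituted twice (by the parser, then by expr).
EXPR_CMDS = ("expr", "if", "elseif", "while")
# A command word at the start of a line or right after ; [ { or }
CMD_RE = re.compile(r"(?:^|[;\[{}])\s*(" + "|".join(EXPR_CMDS) + r")\s+(?=\S)")

def find_unbraced_expressions(irule_text):
    """Return (line_number, command, line) for each expression argument
    that is not brace-quoted and contains $var or [command] substitution."""
    findings = []
    for lineno, raw in enumerate(irule_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        for m in CMD_RE.finditer(line):
            rest = line[m.end():]
            if rest.startswith("{"):
                continue  # braced: substituted once, by the expression parser
            # Unbraced: inspect only up to the body brace, a command
            # separator or a closing bracket.
            segment = re.split(r"\s\{|;|\]", rest, maxsplit=1)[0]
            if re.search(r"[$\[]", segment):
                findings.append((lineno, m.group(1), line))
    return findings

# Constructed sample iRule: lines 4 and 5 are unbraced, 6 to 9 are braced.
SAMPLE_IRULE = """\
when HTTP_REQUEST {
    set servername [HTTP::host]
    # constructed example for the scanner
    if [string length ${servername}] {
        set n [expr 1 + [HTTP::header value X-Count]]
    } elseif {[HTTP::uri] starts_with "/api"} {
        set n [expr {1 + [HTTP::header value X-Count]}]
    }
    while {$n > 0} { incr n -1 }
}
"""

if __name__ == "__main__":
    for lineno, cmd, line in find_unbraced_expressions(SAMPLE_IRULE):
        print(f"line {lineno}: unbraced '{cmd}' expression: {line}")
```

Each finding should be fixed by bracing the expression and then confirmed with tmsh load sys config verify or tclscan, since a line-based check can miss expressions split across lines.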

As always, at Help AG, we’re here to help you protect against these and any other cyber threats, so please reach out to us for all your cyber security needs.


