Critical vulnerability in BIG-IP

Overview

Network security company F5 has released an advisory to address multiple vulnerabilities in their products including a critical vulnerability (CVE-2022-1388) in BIG-IP devices. The remote code execution (RCE) flaw could allow an attacker to bypass the iControl REST authentication.

Impact

An unauthenticated network-based attacker could be able to execute arbitrary system commands, create or delete files, or disable services.

Vulnerability Detection

Vulnerability scanners like Qualys and Nessus have plugins to detect it.

Affected Products

BIG-IP versions 16.1.0 to 16.1.2 BIG-IP versions 15.1.0 to 15.1.5 BIG-IP versions 14.1.0 to 14.1.4 BIG-IP versions 13.1.0 to 13.1.4 BIG-IP versions 12.1.0 to 12.1.6 BIG-IP versions 11.6.1 to 11.6.5

Containment, Mitigations & Remediations

F5 has listed some temporary mitigations on their website.

Indicators of Compromise

None listed.

Threat Landscape

Not known to be exploited in the wild.

Mitre Methodologies

T1210 – Exploitation of Remote Services

Further Information

K55879220: Overview of F5 vulnerabilities (May 2022)

K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388