Get in Touch
Network security company F5 has released an advisory to address multiple vulnerabilities in their products including a critical vulnerability (CVE-2022-1388) in BIG-IP devices. The remote code execution (RCE) flaw could allow an attacker to bypass the iControl REST authentication.
An unauthenticated network-based attacker could be able to execute arbitrary system commands, create or delete files, or disable services.
Vulnerability scanners like Qualys and Nessus have plugins to detect it.
BIG-IP versions 16.1.0 to 16.1.2 BIG-IP versions 15.1.0 to 15.1.5 BIG-IP versions 14.1.0 to 14.1.4 BIG-IP versions 13.1.0 to 13.1.4 BIG-IP versions 12.1.0 to 12.1.6 BIG-IP versions 11.6.1 to 11.6.5
Containment, Mitigations & Remediations
F5 has listed some temporary mitigations on their website.
Indicators of Compromise
Not known to be exploited in the wild.
T1210 – Exploitation of Remote Services