
Threat Advisory: Unauthenticated Access via F5 BIG-IP (CVE-2022-1388) 


Threat 

Unauthenticated access via F5 BIG-IP 

Vulnerability 

F5 Networks BIG-IP: BIG-IP iControl REST vulnerability (CVE-2022-1388) [1]

  • CVSS – 9.8 CRITICAL 
  • Vulnerability Publication Date – 5/5/2022 
  • Exploits Available – Unknown 

Description 

The security flaw in F5 BIG-IP versions prior to 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5, 12.1.6, and 11.6.5 allows threat actors to bypass authentication and gain network access. [2] This can lead to a threat actor executing arbitrary commands, creating or deleting files, or disabling services.

While there are currently no publicly known exploits for this vulnerability, security researcher Nate Warfield reported that 16,000 BIG-IP devices are externally accessible. [3] This is a large potential attack surface, and exploitation could follow soon.

Recommendations / Remediation 

Contact FortifyData for a demonstration and discussion on how we can identify this vulnerability through our internal risk assessment.

Mitigations according to F5 [4]:

  • Block iControl REST access through the self IP address 
  • Block iControl REST access through the management interface 
  • Modify the BIG-IP httpd configuration 

For remediation, upgrade to one of the unaffected versions. [5]
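A quick way to turn the version list above into an inventory check is to compare each device's reported version against the fixed release for its major branch. The script below is an added illustration for this advisory, not code from F5 or FortifyData; the fixed-version table is taken from the advisory text, and the rule that a device is patched only when it is at or above the fix for its own major branch (and that branches not listed are reported as unknown rather than patched) is an assumption of this script, so confirm against F5's article before acting on the result.

```python
"""Classify BIG-IP devices by whether their version is below the fixed
releases named in this advisory for CVE-2022-1388.

Added illustration for the advisory above; not code from F5 or FortifyData.
The fixed-version table comes from the advisory text. Treating a release as
patched only when it is at or above the fix for its own major branch is an
assumption of this script.
"""
from typing import Dict, List, Optional, Tuple

# Minimum unaffected version per major branch, as listed in the advisory.
FIXED_VERSIONS = {
    16: "16.1.2.2",
    15: "15.1.5.1",
    14: "14.1.4.6",
    13: "13.1.5",
    12: "12.1.6",
    11: "11.6.5",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.1.2.2' into (16, 1, 2, 2); reject non-numeric components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a BIG-IP version string: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '15.1.5' compares as (15, 1, 5, 0)."""
    return v + (0,) * (n - len(v))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed release for its branch, False if at or above
    it, None if the major branch is not covered by the advisory table."""
    v = parse_version(version)
    fixed_text = FIXED_VERSIONS.get(v[0])
    if fixed_text is None:
        return None
    f = parse_version(fixed_text)
    n = max(len(v), len(f))
    return _pad(v, n) < _pad(f, n)


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, version) pairs into vulnerable / patched / unknown."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, ver in inventory:
        status = is_vulnerable(ver)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory for demonstration only (hostnames are invented).
SAMPLE_INVENTORY = [
    ("lb-edge-01", "16.1.2.1"),    # one point release short of the fix
    ("lb-edge-02", "16.1.2.2"),    # exactly the fixed release
    ("lb-core-01", "15.1.5"),      # shorter string than the fix, still below it
    ("lb-legacy-01", "13.1.4.1"),  # below 13.1.5
    ("lb-lab-01", "17.0.0"),       # branch not in the advisory table
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices that land in the unknown bucket are not cleared; they are simply outside the version list this advisory quotes, so check them against F5's own affected-version table.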

**These are generalized recommendations that may not be effective for all organizations and environments.**

References 

  1. https://www.cve.org/CVERecord?id=CVE-2022-1388 
  2. https://threatpost.com/f5-critical-bugbig-ip-systems/179514/ 
  3. https://twitter.com/n0x08/status/1521921249596768256?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1521921249596768256%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ff5-warns-of-critical-big-ip-rce-bug-allowing-device-takeover%2F 
  4. https://support.f5.com/csp/article/K23605346#proc1 
  5. https://support.f5.com/csp/article/K23605346