Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)

F5 Networks’ BIG-IP multi-purpose networking devices / modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and / or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” F5 warned yesterday.

About CVE-2022-1388

CVE-2022-1388 allows undisclosed requests to bypass iControl REST authentication – just like CVE-2021-22986, which was patched in March 2021 and subsequently leveraged by attackers.

The vulnerability was discovered internally by F5, and there’s currently no PoC exploit publicly available, but it’s just a matter of time until one pops up after attackers reverse-engineer the patch. Also, it should be noted that vulnerabilities affecting BIG-IP devices are often exploited by various hackers, including state-sponsored ones, so organizations might want to hurry up and patch.

F5 has released security updates that plug this flaw along with many other, less severe security holes. For CVE-2022-1388, F5 also provided mitigation advice for cases where installing a fixed version is not possible; it includes:

  • Blocking iControl REST access through the self IP address
  • Blocking iControl REST access through the management interface
  • Modifying the BIG-IP httpd configuration

In general, not exposing BIG-IP’s management interface to the internet is good advice, though apparently not taken by many organizations: according to the results of Nate Warfield’s Shodan search, there are over 16,000 BIG-IP devices exposed on the internet.

According to F5 Networks, 48 of the Fortune 50 companies use BIG-IP networking devices / modules as server load balancers, access gateways, application delivery controllers, and firewalls to manage and inspect network and application traffic. They are used by ISPs, telecommunications companies, big cloud service providers, and governments.

Source