Reference:
Advisory #2022-012
Version:
1.0
Affected software:
F5 BIG-IP (all modules) versions:
11.6.1 - 11.6.5
12.1.0 - 12.1.6
13.1.0 - 13.1.4
14.1.0 - 14.1.4
15.1.0 - 15.1.5
16.1.0 - 16.1.2
Type:
Remote Code Execution + Information Disclosure
CVE/CVSS:
CVE-2022-1388 (CVSS 9.8)
https://support.f5.com/csp/article/K55879220
https://support.f5.com/csp/article/K23605346
Exploitation of CVE-2022-1388 could allow an unauthenticated attacker with network access to an F5 BIG-IP device through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services.
On 4 May, network security firm F5 published an overview of vulnerabilities affecting several of its products. Among these is CVE-2022-1388, which is rated critical with a CVSSv3 score of 9.8. The Centre for Cyber Security Belgium recommends that administrators of F5 BIG-IP network devices check whether their devices are affected according to the KB article and patch them as soon as possible if they are found to be vulnerable.
If patching is not possible in the short term, F5 has provided mitigation guidance in the KB article. Past incidents have shown that it does not take long for cyber threat actors to start scanning the public internet for devices that may be vulnerable to critical vulnerabilities in order to exploit them. Active exploits have already been observed.
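To triage a device inventory against the version ranges listed in this advisory, a small checker like the following can be used. It is an added example, not code from the CCB or F5; the hostnames, the "hostname version" inventory format and the status labels are assumptions made for illustration.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED = [
    ("11.6.1", "11.6.5"), ("12.1.0", "12.1.6"), ("13.1.0", "13.1.4"),
    ("14.1.0", "14.1.4"), ("15.1.0", "15.1.5"), ("16.1.0", "16.1.2"),
]

def parse(v):
    return tuple(int(p) for p in v.strip().split("."))

def classify(version):
    """Return 'affected', 'check-kb' or 'not-listed' for one BIG-IP version."""
    v = parse(version)
    for low, high in AFFECTED:
        lo, hi = parse(low), parse(high)
        if lo <= v <= hi:
            return "affected"
        # Point release of the top listed version (e.g. 15.1.5.1): the
        # three-part ranges above cannot tell whether it contains the fix,
        # so it must be verified against the F5 KB article.
        if len(v) > 3 and v[:3] == hi:
            return "check-kb"
    # 'not-listed' means outside the ranges in this advisory, not "safe".
    return "not-listed"

def triage(inventory_text):
    """Map hostname -> (version, status) from 'hostname version' lines."""
    results = {}
    for line in inventory_text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+(?:\.\d+)+)\s*$", line)
        if m:
            results[m.group(1)] = (m.group(2), classify(m.group(2)))
    return results

# Constructed inventory (hostnames and versions are made up for the example).
SAMPLE = """\
lb-edge-01   15.1.5
lb-edge-02   15.1.5.1
lb-core-01   13.1.3.6
lb-lab-01    17.0.0
lb-old-01    11.6.0
"""

if __name__ == "__main__":
    for host, (ver, status) in triage(SAMPLE).items():
        print(f"{host:12} {ver:10} {status}")
```

Devices reported as `check-kb` or `not-listed` still need to be compared with the version tables in the F5 KB articles referenced in this advisory.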
https://support.f5.com/csp/article/K55879220
https://support.f5.com/csp/article/K23605346
https://thehackernews.com/2022/05/researchers-develop-rce-exploit-for.html