Researchers are warning against a critical RCE flaw in F5 BIG-IP, for which several exploits have been created by several researchers. Experts suggest applying the latest security updates at the earliest to prevent any attacks.

About the flaw

A week ago, F5 disclosed a critical RCE, tracked as CVE-2022-1388, in BIG-IP networking devices.
  • This vulnerability impacts the BIG-IP iControl REST authentication component and allows remote attackers to bypass authentication and run commands on the device with elevated privileges.
  • The vulnerable devices are mostly used in the enterprise and may allow attackers to exploit the flaw for gaining initial access to networks and spreading laterally to other devices.
  • This vulnerability only affects the management side of the device that is exposed to the internet.

The exploits

It has been reported that multiple researchers have created exploits for this new F5 BIG-IP vulnerability
  • It took researchers two days to create the exploit and they expect that attackers may also reach the root cause easily. 
  • The impact of this exploit could be significant as it allows threat actors to gain root access to the devices.
  • At present, there are 2,500 devices exposed to the internet, making this a significant risk to organizations.

Prevention and mitigation

F5 has already released BIG-IP security updates that admins can apply for certain firmware versions. The devices running 11.x and 12.x firmware versions will not receive security updates. Further, the firm has released three mitigations (1, 2, 3) for those who cannot upgrade their BIG-IP devices.

Concluding notes

Thus far, no active exploitation of this vulnerability has been observed in the wild. However, experts do suspect that attackers may be able to reach the root cause and start exploiting the vulnerability very soon. Therefore, having a robust patch management system can help protect against such threats.
Cyware Publisher