Vulnerability

F5 BIG-IP vulnerability

This live blog contains information regarding the F5 BIG-IP vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on May 10, 2022.

Clip path group@2x

T-Update

Information about vulnerabilities

This live blog contains information regarding the F5 BIG-IP vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on May 10, 2022.

Update May 10, 2022

13:00 | On the 4th of May 2022, F5 has published security advisory K23605346 regarding a new vulnerability in the iControl REST API, referred to as CVE-2022-1388. This vulnerability affects the F5 BIG-IP products and allows an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands with root privileges. There is no data plane exposure; this is a control plane issue only.

On the 9th of May 2022, a proof-of-concept exploit was published, and active exploitation of the vulnerability is noticed.

F5 has published patches and several workarounds. It is advised to apply these mitigative actions as soon as possible.

Customized cyber security

Background

Risk

This vulnerability has a CVSSv3 score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact.

Vulnerability CVE-2022-1388 allows an unauthenticated attacker to perform remote code execution with root privileges. Access to the iControl REST API via the management port and/or self IP addresses of the F5 BIG-IP solution is required. In most implementations these are not accessible from the internet.

Although limiting access to the management port and/or self IP addresses lowers the chance of exploitation, privilege escalation and/or lateral movement is likely in case an attacker already has access to internal systems.

Advice

Based on the F5 security advisory, the following products and versions are vulnerable:

  • F5 BIG-IP versions 16.1.0 – 16.1.2
  • F5 BIG-IP versions 15.1.0 – 15.1.5
  • F5 BIG-IP versions 14.1.0 – 14.1.4
  • F5 BIG-IP versions 13.1.0 – 13.1.4
  • F5 BIG-IP versions 12.1.0 – 12.1.6
  • F5 BIG-IP versions 11.6.1 – 11.6.5

F5 BIG-IP version 17 seems not to be impacted by this vulnerability.

F5 has published software updates mitigating the vulnerability for F5 BIG-IP versions 13 to 16. It is strongly advised to apply the patch as soon as possible, fixed versions:

  • F5 BIG-IP version 16.x – 16.1.2.2
  • F5 BIG-IP version 15.x – 15.1.5.1
  • F5 BIG-IP version 14.x – 14.1.4.6
  • F5 BIG-IP version 13.x – 13.1.5

No software updates will be published for versions 11.x and 12.x. The security advisory of F5 covers several workarounds for these versions and other cases where the security patch cannot be applied.

Sources

More information:

Ellipse 6

Sign up to receive T-Updates

Receive the latest vulnerabilities in your email every Wednesday

More than 1,000 organisations have already joined us.

Tesorion uses your data to send the requested information. In addition, your data may be used for commercial follow-up. You can unsubscribe from this at any time via the link in the email. For more information, read our privacy policy.

Ellipse 6