Security News > 2022 > May > F5 warns of critical BIG-IP RCE bug allowing device takeover

F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical.

According to F5's security advisory, the flaw lies in the iControl REST component and allows a malicious actor to send undisclosed requests to bypass the iControl REST authentication in BIG-IP. Due to the severity of the vulnerability and the widespread deployment of BIG-IP products in critical environments, CISA has also issued an alert today.

Block all access to the iControl REST interface of your BIG-IP system through self IP addresses, restrict access only to trusted users and devices via the management interface, or modify the BIG-IP httpd configuration.

Finally, F5 has released a more generic advisory to cover an additional set of 17 high-severity vulnerabilities discovered and fixed in BIG-IP, so make sure to check that one too.

With F5 BIG-IP devices commonly used in the enterprise, this vulnerability presents a significant risk for allowing threat actors to gain initial access to corporate networks.

Using the query shared by Warfield, Shodan shows that there are currently 16,142 F5 BIG-IP devices publicly exposed to the Internet.

News URL

https://www.bleepingcomputer.com/news/security/f5-warns-of-critical-big-ip-rce-bug-allowing-device-takeover/