Security News > 2022 > May > Critical F5 BIG-IP vulnerability targeted by destructive attacks
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.
Last week, F5 disclosed a vulnerability tracked as CVE-2022-1388 that allows remote attackers to execute commands on BIG-IP network devices as 'root' without authentication.
While most attacks have been used to drop webshells for initial access to networks, steal SSH keys, and enumerate system information, SANS Internet Storm Center saw two attacks that targeted BIG-IP devices in a much more nefarious manner.
SANS told BleepingComputer that their honeypots saw two attacks coming from IP address 177.54.127[.]111 that executes the 'rm -rf /*' command on the targeted BIG-IP device.
Thankfully, these destructive attacks are not widespread, with threat actors looking to benefit from breaching the devices rather than causing damage.
While the destructive attacks seen by SANS may be rare, the fact that they are happening should be all the incentive an admin needs to get their devices updated to the latest patch levels.
News URL
Related news
- FortiManager critical vulnerability under active attack (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-1388 | Missing Authentication for Critical Function vulnerability in F5 products On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. | 9.8 |