CISA tells federal agencies to fix actively exploited F5 BIG-IP bug
The U.S. Cybersecurity and Infrastructure Security Agency has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices.
After information surfaced about F5 BIG-IP exploits being used in attacks to brick devices, CISA added the flaw to the Known Exploited Vulnerabilities Catalog.
According to the BOD 22-01 binding operational directive issued in November, all Federal Civilian Executive Branch Agencies must secure their systems against attacks that would abuse security flaws added to CISA's KEV catalog.
On Tuesday, the U.S. cybersecurity agency gave the agencies three weeks, until May 31st, to patch the actively exploited CVE-2022-1388 vulnerability to block any ongoing and potentially destructive exploitation attempts.
Although the directive only applies to U.S. federal agencies, CISA also strongly urges all organizations to fix this bug to hinder attacks.
Since BOD 22-01 was issued, CISA has added hundreds of security bugs to its list of vulnerabilities actively exploited in attacks, ordering U.S. federal agencies to patch them to prevent breaches.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-05 | CVE-2022-1388 | Missing Authentication for Critical Function vulnerability in F5 products. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. | 9.8 |