Security News > 2022 > May > CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild.
"An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.
Patches and mitigations for the flaw were announced on F5 on May 4, but it has been subjected to in-the-wild exploitation over the past week, with attackers attempting to install a web shell that grants backdoor access to the targeted systems.
"Due to the ease of exploiting this vulnerability, the public exploit code, and the fact that it provides root access, exploitation attempts are likely to increase," Rapid7 security researcher Ron Bowes noted.
"Widespread exploitation is somewhat mitigated by the small number of internet-facing F5 BIG-IP devices."
While F5 has since revised its advisory to include what it believes to be "Reliable" indicators of compromise, it has cautioned that "a skilled attacker can remove evidence of compromise, including log files, after successful exploitation."
News URL
https://thehackernews.com/2022/05/cisa-urges-organizations-to-patch.html
Related news
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)