Security News > 2022 > May > CISA shares guidance to block ongoing F5 BIG-IP attacks

CISA shares guidance to block ongoing F5 BIG-IP attacks
2022-05-18 15:20

In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability.

"CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds," the cybersecurity agency added.

Admins are urged to remove F5 BIG-IP management interfaces from the internet and enforce multi-factor authentication as soon as possible to block access to vulnerable devices.

Although most of these threat actors only dropped web shells on compromised devices initially, the SANS Internet Storm Center and security researcher Kevin Beaumont spotted attacks where the malicious actors wiped vulnerable BIG-IP devices' Linux file systems.

"We have been in contact with SANS and are investigating the issue. If customers have not already done so, we urge them to update to a fixed version of BIG-IP or implement one of the mitigations detailed in the security advisory," F5 said when BleepingComputer reached out for more info on these destructive attacks.

Today's advisory follows the inclusion of the CVE-2022-1388 F5 BIG-IP bug on CISA's list of actively exploited bugs a week ago.


News URL

https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-to-block-ongoing-f5-big-ip-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-1388 Missing Authentication for Critical Function vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.
network
low complexity
f5 CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 210 52 501 206 41 800