CISA shares guidance to block ongoing F5 BIG-IP attacks
In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability.
"CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds," the cybersecurity agency added.
Admins are urged to remove F5 BIG-IP management interfaces from the internet and enforce multi-factor authentication as soon as possible to block access to vulnerable devices.
Although most threat actors initially only dropped web shells on compromised devices, the SANS Internet Storm Center and security researcher Kevin Beaumont spotted attacks in which the malicious actors wiped vulnerable BIG-IP devices' Linux file systems.
"We have been in contact with SANS and are investigating the issue. If customers have not already done so, we urge them to update to a fixed version of BIG-IP or implement one of the mitigations detailed in the security advisory," F5 said when BleepingComputer reached out for more info on these destructive attacks.
Today's advisory follows the inclusion of the CVE-2022-1388 F5 BIG-IP bug on CISA's list of actively exploited bugs a week ago.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-05 | CVE-2022-1388 | Missing Authentication for Critical Function vulnerability in F5 products. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. | 9.8 |