Take Control of your BIG-IP F5 Platform before Hackers do
Syed Misbahuddin Hussaini
Technology Leader | Cybersecurity Specialist | Cloud & Windows Technologies Expert | Helps businesses to Secure Critical IT Infrastructure and smoothly run IT Operations.
Hackers are actively exploiting the latest vulnerabilities in the BIG-IP F5 platform. Read on to know more.
On May 4, 2022, F5 notified users of the existence of a vulnerability in BIG-IP iControl REST where undisclosed requests could bypass iControl REST authentication. F5 stated that the vulnerability could allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. The attacker, in other words, could gain complete control over the affected device.
The vulnerability, listed as CVE-2022-1388, allows attackers to bypass authentication on internet-exposed iControl interfaces, potentially executing arbitrary commands, creating or deleting files, or disabling services.
The Australian Cyber Security Centre (ACSC) has announced it is aware of the existence of Proof of Concept (PoC) code exploiting a vulnerability covered by the F5 security advisory addressing multiple vulnerabilities in its BIG-IP product range.
A list of vulnerable products and versions can be found in the F5 KB article. Experts recommend taking Internet-facing devices offline and checking that they are safe before applying the patches. If an attacker has already planted a backdoor, they can still control the product even after patching.
Until it is possible to install a fixed version, you can apply temporary mitigations. These mitigations restrict access to iControl REST to only trusted networks or devices, thereby limiting the attack surface.
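One way to check that the "trusted networks or devices only" restriction actually holds across a fleet, as an added example that is not from the original article or from F5: it audits exported management allow-list entries against the networks you trust. The device names, addresses, wildcard spellings and inventory format are all constructed assumptions.

```python
import ipaddress

# Assumption: the only networks allowed to administer BIG-IP (constructed values).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
WILDCARDS = {"all", "any", "*"}  # assumed spellings of "allow everyone"

def outside_trusted(entry, trusted=TRUSTED):
    """True if an allow-list entry admits any source outside the trusted networks."""
    entry = entry.strip()
    if entry.lower() in WILDCARDS:
        return True
    try:
        net = ipaddress.ip_network(entry, strict=False)  # bare host becomes /32 or /128
    except ValueError:
        return True  # unparseable entries need a human to look at them
    # subnet_of() raises TypeError across IP versions, so compare versions first.
    return not any(net.version == t.version and net.subnet_of(t) for t in trusted)

def audit_inventory(inventory, trusted=TRUSTED):
    """Map each device to the allow-list entries that break the trusted-only rule."""
    report = {}
    for device, entries in inventory.items():
        if not entries:
            # Nothing recorded: treat as unknown and flag it for manual review.
            report[device] = ["<empty allow list>"]
            continue
        bad = [e for e in entries if outside_trusted(e, trusted)]
        if bad:
            report[device] = bad
    return report

# Constructed sample: per-device allow lists for the management / iControl REST interface.
INVENTORY = {
    "bigip-edge-01": ["All"],                          # open to everyone
    "bigip-dc-01": ["10.20.0.0/24", "192.0.2.10"],     # restricted as intended
    "bigip-dc-02": ["10.20.0.0/16"],                   # wider than the trusted /24
    "bigip-lab-01": ["10.20.0.17", "2001:db8::5"],     # IPv6 host nobody approved
    "bigip-lab-02": [],                                # nothing exported
}

if __name__ == "__main__":
    for device, bad in audit_inventory(INVENTORY).items():
        print(f"{device}: not restricted to trusted networks -> {', '.join(bad)}")
```

An entry is accepted only when it sits entirely inside a trusted network, so a range that merely overlaps one (the /16 above) is still reported.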
Apply the patches released by the BIG-IP team, or mitigate the vulnerability, before it's too late.