CISA adds actively exploited critical F5 BIG-IP bug to its must-patch list

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical bug in F5's BIG-IP software that is being actively exploited.

The network and application delivery firm disclosed on May 4 a critical authentication bypass affecting the iControl REST component in multiple versions of its BIG-IP software. The bug, tracked as CVE-2022-1388, carries a CVSSv3 severity score of 9.8 out of 10, in part because of its ease of exploitation.


Within days of F5's advisory, security researchers observed potential attackers scanning for vulnerable BIG-IP management interfaces exposed on the internet.


Ron Bowes at security company Rapid7 expects exploitation attempts to increase because the bug is easy to exploit, and because exploit code that gives root access to affected devices is already publicly available.
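The two practical questions the scanning and exploitation reports raise are whether your BIG-IP management interface is reachable from outside the admin network and whether anyone has already sent it requests matching the bypass. The following Python is an added example written for this page, not code from the article, F5 or Rapid7. It runs simple detection logic over a few constructed, simplified access-log lines (the `conn=`/`auth=` fields are a made-up format that exposes the `Connection` and `Authorization` request headers; real BIG-IP logs look different). The admin network `10.0.0.0/8` is an assumption. The indicator it checks, a `Connection` header that names `X-F5-Auth-Token` together with HTTP Basic credentials on an `/mgmt/` request, comes from public analysis of CVE-2022-1388 and is not stated in the article.

```python
"""Flag requests to the BIG-IP iControl REST path (/mgmt/) that come from
outside the admin network or that match the CVE-2022-1388 bypass pattern.
Added example with constructed input; not F5 tooling."""
import ipaddress
import re
from collections import defaultdict

# Assumption: management traffic is only expected from this network.
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed, simplified log lines: common-log-style prefix plus the
# request's Connection and Authorization headers as conn="..." auth="...".
SAMPLE_LOG = """\
203.0.113.10 - - [09/May/2022:10:01:02 +0000] "POST /mgmt/tm/sys/version HTTP/1.1" 200 512 conn="keep-alive, X-F5-Auth-Token" auth="Basic"
203.0.113.10 - - [09/May/2022:10:01:05 +0000] "GET /mgmt/shared/authn/login HTTP/1.1" 200 210 conn="X-F5-Auth-Token" auth="Basic"
198.51.100.7 - - [09/May/2022:10:02:11 +0000] "GET /mgmt/shared/authn/login HTTP/1.1" 401 0 conn="keep-alive" auth="-"
10.0.0.5 - - [09/May/2022:10:03:30 +0000] "GET /mgmt/tm/ltm/virtual HTTP/1.1" 200 4096 conn="keep-alive" auth="Token"
192.0.2.44 - - [09/May/2022:10:04:00 +0000] "GET / HTTP/1.1" 200 1024 conn="keep-alive" auth="-"
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+ '
    r'conn="(?P<conn>[^"]*)" auth="(?P<auth>[^"]*)"$'
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_outside_admin_net(ip_text):
    """True when the source address is not inside any ADMIN_NETS range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable source: treat as untrusted
    return not any(ip in net for net in ADMIN_NETS)


def classify(rec):
    """Return finding labels for one parsed request (empty if nothing notable)."""
    findings = []
    if not rec["path"].startswith("/mgmt/"):
        return findings  # only the iControl REST path is of interest here
    # Bypass indicator (from public analysis, not the article): the Connection
    # header lists X-F5-Auth-Token and the request carries Basic credentials.
    conn_tokens = {t.strip().lower() for t in rec["conn"].split(",")}
    if "x-f5-auth-token" in conn_tokens and rec["auth"].lower().startswith("basic"):
        findings.append("auth-bypass-pattern")
    if is_outside_admin_net(rec["src"]):
        findings.append("external-mgmt-access")
    return findings


def analyze(log_text):
    """Map each source IP to the sorted set of findings raised against it."""
    per_source = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for finding in classify(rec):
            per_source[rec["src"]].add(finding)
    return {src: sorted(fs) for src, fs in per_source.items()}


if __name__ == "__main__":
    for src, findings in analyze(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(findings)}")
```

The source that matches the bypass pattern is also the one hitting the management path from outside the admin network; the 401 from a second external address is ordinary scanning of an exposed interface, which is worth knowing about on its own. The internal request using a proper token raises nothing.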

However, Bowes reckons there are only about 2,500 F5 BIG-IP devices exposed on the internet based on a shodan.io search.

Affected organizations should patch the critical F5 BIG-IP bug swiftly. Palo Alto Networks says that on Wednesday it observed over 2,500 scanning and active

Read More: https://www.zdnet.com/article/cisa-adds-actively-exploited-critical-f5-big-ip-bug-to-its-must-patch-list/#ftag=RSSbaffb68