A recently disclosed vulnerability in F5 Networks’ BIG-IP could allow an unauthenticated attacker to access the BIG-IP system and execute arbitrary system commands, create and delete files, and disable services, and could lead to additional malicious activity.
This vulnerability, tracked as CVE-2022-1388, is an authentication bypass vulnerability in F5’s BIG-IP modules affecting the iControl REST component. BIG-IP is F5’s line of appliances that organizations use as load balancers, firewalls, and for inspection and encryption of data passing into and out of networks. The vulnerability has a CVSS score of 9.8 out of a possible 10 and is considered critical.
F5 discovered the vulnerability on May 4, 2022, and has since released a security advisory and patches. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) subsequently issued an advisory as well.
Cisco Talos is closely monitoring the recent reports of exploitation attempts against CVE-2022-1388 and strongly recommends that users apply patches to affected systems as soon as possible.
Vulnerability details and ongoing exploitation
The threat stems from a faulty authentication implementation in iControl REST, a set of web-based programming interfaces for configuring and managing BIG-IP devices. This vulnerability aims to target the iControl REST service with a path