CISA Tells Everyone To Address F5 BIG-IP Vulnerability ASAP

The CISA has told federal agencies to fix an actively exploited F5 BIG-IP bug. The bug in question is CVE-2022-1388 which is described as follows:

On F5 BIG-IP 16.1.x versions prior to, 15.1.x versions prior to, 14.1.x versions prior to, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.

F5 customers using BIG-IP solutions include governments, Fortune 500 firms, banks, service providers and consumer brands including Microsoft, Oracle and Facebook. Thus this isn’t trivial in the slightest as it affects a lot of big companies. Which is why the CISA also said that private companies should also address this and other issues that the CISA brings to light.

I managed to get multiple comments on this. Starting with Christopher Prewitt who is the Chief Technology Officer of MRK Technologies:  

“This vulnerability is critical, should be remediated as soon as possible by turning off the iControl REST service. This vulnerability is simple to exploit by an attacker and with these systems internet connected, many organizations may be at risk of breach.”

Saumitra Das, CTO and Co-founder of Blue Hexagon had this to add:

“This continues the trend of security and access devices also proving to be portals for attackers to get into target networks. We have seen similar issues in 2021 with VPN devices, firewalls, and email gateways. Having MFA on admin logins, limiting lateral movement from and public exposure of third-party security and networking appliance is a critical requirement to protect organization. Be it a supply chain related or a new vulnerability, organizations need to minimize blast radius.”

This is something that needs to be addressed ASAP. Thus I would take the CISA’s advice and address this ASAP as it’s a safe bet that threat actors are exploiting this at present.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: