Security researchers have warned administrators about a critical Remote Code Execution (RCE) flaw in F5 BIG-IP.
Last week, F5, a security and application delivery solutions provider, released a security notification informing customers that it had published security updates for a number of vulnerabilities in its products.
The company addressed more than 40 vulnerabilities; the most severe is a critical issue tracked as CVE-2022-1388, with a CVSS score of 9.8.
This vulnerability affects the BIG-IP iControl REST authentication component and allows remote threat actors to bypass authentication and execute commands on the device with elevated privileges.
An unauthorized threat actor with network access to the BIG-IP system through the management port or self IP addresses can use CVE-2022-1388 to execute arbitrary system commands, create or delete files, or disable services.
Exploitation could lead to the loss of corporate data or to ransomware being deployed across all of the network's devices.
F5 has released security updates for the following BIG-IP firmware versions:
- 16.1.0 to 16.1.2
- 15.1.0 to 15.1.5
- 14.1.0 to 14.1.4
- 13.1.0 to 13.1.4
The company also recommends that administrators running unsupported versions (BIG-IP 12.1.0 to 12.1.6 and BIG-IP 11.6.1 to 11.6.5) update to the latest supported versions.
For customers who cannot install the patched versions, the company provides three temporary mitigations:
- Block iControl REST access through the self IP address
- Block iControl REST access through the management interface
- Modify the BIG-IP httpd configuration
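To turn the version ranges and exposure paths above into a patch-priority list, here is an added triage helper (example code, not from the article or from F5). It assumes a constructed inventory of hypothetical hostnames and compares only the first three version components, so any point release inside a listed range is treated as affected.

```python
from collections import namedtuple

# Inclusive version ranges as listed in the advisory summary above.
AFFECTED = [((16, 1, 0), (16, 1, 2)), ((15, 1, 0), (15, 1, 5)),
            ((14, 1, 0), (14, 1, 4)), ((13, 1, 0), (13, 1, 4))]
# Branches the vendor lists as unsupported: these must be upgraded, not patched.
UNSUPPORTED = [((12, 1, 0), (12, 1, 6)), ((11, 6, 1), (11, 6, 5))]

# rest_on_mgmt / rest_on_self_ip: is iControl REST reachable on that interface?
Device = namedtuple("Device", "host version rest_on_mgmt rest_on_self_ip")


def parse_version(text):
    """'16.1.2' -> (16, 1, 2). Only the first three components are kept, so a
    point release inside a listed range (e.g. 16.1.2.x) is treated as affected
    (conservative); confirm the exact fixed build against the vendor advisory."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised BIG-IP version: {text!r}")
    return tuple(int(p) for p in parts[:3])


def _within(v, ranges):
    return any(lo <= v <= hi for lo, hi in ranges)


def triage(dev):
    """Return (priority, action) for one device; lower priority means act first."""
    v = parse_version(dev.version)
    if _within(v, UNSUPPORTED):
        fix = "unsupported branch: upgrade to a supported version"
    elif _within(v, AFFECTED):
        fix = "install the vendor patch"
    else:
        return 3, "not in a listed range for CVE-2022-1388"
    # The two exposure paths named in the advisory: management port and self IPs.
    exposed = [name for name, on in (("management interface", dev.rest_on_mgmt),
                                     ("self IP", dev.rest_on_self_ip)) if on]
    if exposed:
        return 0, fix + "; until then block iControl REST on " + " and ".join(exposed)
    return 1, fix + " at the next maintenance window"


def triage_inventory(devices):
    """Order the inventory so the most urgent devices come first (stable sort)."""
    return sorted(((dev.host, *triage(dev)) for dev in devices), key=lambda r: r[1])


# Constructed sample inventory: hypothetical hostnames, not from the article.
INVENTORY = [Device("lb-edge-1", "16.1.2", True, True),
             Device("lb-core-2", "15.1.5", False, False),
             Device("lb-legacy-3", "12.1.6", True, False),
             Device("lb-new-4", "16.1.3", True, False)]

if __name__ == "__main__":
    for host, prio, action in triage_inventory(INVENTORY):
        print(f"[{prio}] {host}: {action}")
```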
So far there have been no reports of this vulnerability being exploited.
Administrators are nevertheless advised to apply the security patches as soon as possible, given the high likelihood that flaws of this kind will be exploited.