On Wednesday, May 4, 2022, F5 disclosed a critical-severity vulnerability impacting the iControl REST authentication of BIG-IP systems, tracked as CVE-2022-1388. If successfully exploited, the vulnerability could lead to authentication bypass, which could allow a threat actor to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffix SDC are not impacted by CVE-2022-1388.
Recommendations for CVE-2022-1388
Due to the severity of this vulnerability and the widespread deployment of BIG-IP products in critical environments, Arctic Wolf recommends patching any affected versions of BIG-IP as soon as possible if they exist within your environment.
Affected Versions:
- BIG-IP versions 16.1.0 to 16.1.2
- BIG-IP versions 15.1.0 to 15.1.5
- BIG-IP versions 14.1.0 to 14.1.4
- BIG-IP versions 13.1.0 to 13.1.4
- BIG-IP versions 12.1.0 to 12.1.6
- BIG-IP versions 11.6.1 to 11.6.5
We strongly recommend reviewing the recommendations below for this vulnerability.
Recommendation #1: Apply Applicable Security Updates
F5 has released fixes for CVE-2022-1388 in the latest versions of BIG-IP. The fixes are in v17.0.0, v16.1.2.2, v15.1.5.1, v14.1.4.6, and v13.1.5. The 12.x and 11.x branches will not receive a fixing patch.
We strongly recommend reviewing the published security updates and applying all applicable security updates to impacted products within your environment.
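An added example, not part of the advisory and not F5 tooling, that encodes the affected ranges and fixed releases listed above to triage a BIG-IP inventory export; the hostnames in the sample inventory are constructed.

```python
# (branch start, branch end, first fixed release); 12.x and 11.x get no fix.
AFFECTED_RANGES = [
    ("16.1.0", "16.1.2", "16.1.2.2"),
    ("15.1.0", "15.1.5", "15.1.5.1"),
    ("14.1.0", "14.1.4", "14.1.4.6"),
    ("13.1.0", "13.1.4", "13.1.5"),
    ("12.1.0", "12.1.6", None),
    ("11.6.1", "11.6.5", None),
]

# Constructed sample inventory (hypothetical hostnames): "host version" per line.
SAMPLE_INVENTORY = """\
lb-edge-01 16.1.2.1
lb-edge-02 16.1.2.2
lb-core-01 15.1.5
lb-legacy-01 12.1.6
lb-new-01 17.0.0
"""

def parse_version(text: str) -> tuple:
    """'16.1.2.2' -> (16, 1, 2, 2); raises ValueError on malformed input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a BIG-IP version string: {text!r}")
    return tuple(int(p) for p in parts)

def check_version(text: str) -> dict:
    """Classify one version: affected, fixed, or not listed in the advisory."""
    v = parse_version(text)
    for start, end, fix in AFFECTED_RANGES:
        lo, hi = parse_version(start), parse_version(end)
        if v[:2] != lo[:2]:  # different major.minor branch
            continue
        if fix is not None and v >= parse_version(fix):
            return {"affected": False, "fix": fix, "status": "fixed"}
        # Prefix compare so point releases such as 16.1.2.1 count as 16.1.2.
        if lo <= v and v[: len(hi)] <= hi:
            action = f"upgrade to {fix}" if fix else "no fix; apply mitigations"
            return {"affected": True, "fix": fix, "status": action}
    return {"affected": False, "fix": None, "status": "not listed"}

def triage(inventory: str) -> list:
    """Return [(host, version, status)] for each affected host in inventory."""
    hits = []
    for line in inventory.strip().splitlines():
        host, version = line.split()
        result = check_version(version)
        if result["affected"]:
            hits.append((host, version, result["status"]))
    return hits
```

Versions outside the listed ranges are reported as "not listed" rather than assumed safe, so they still warrant a check against the F5 advisory.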
Recommendation #2: Restrict Access to iControl REST to Trusted Networks Only if Updating Is Not Possible
F5 has provided the following temporary mitigations for those who can't apply the security updates immediately:
- Block all access to the iControl REST interface of your BIG-IP system through self IP addresses.
- Restrict access only to trusted users and devices via the management interface.
- Modify the BIG-IP httpd configuration.
References
- F5 Advisory CVE-2022-1388:
- CISA: F5 Releases Security Advisories: