PT-2022-2443 · F5 · Big-Ip

Published: 2022-05-05 · Updated: 2026-06-15 · CVE-2022-1388

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.x, 12.1.x, 13.1.x prior to 13.1.5, 14.1.x prior to 14.1.4.6, 15.1.x prior to 15.1.5.1, and 16.1.x prior to 16.1.2.2

Description: The vulnerability resides in the authentication mechanism of the iControl REST API of F5 BIG-IP. Undisclosed requests can bypass authentication, potentially allowing an unauthenticated remote attacker with network access to execute arbitrary system commands, create or delete files, or disable services. Reports indicate active exploitation of this issue, with attackers scanning for vulnerable systems shortly after the vulnerability was disclosed; some have been observed attempting to disrupt BIG-IP devices. The vulnerability allows remote code execution (RCE) without authentication, requiring only a single request to gain full control of the system.

Recommendations:
F5 BIG-IP versions 11.6.x: Upgrade to a supported version.
F5 BIG-IP versions 12.1.x: Upgrade to a supported version.
F5 BIG-IP versions 13.1.x prior to 13.1.5: Upgrade to version 13.1.5 or later.
F5 BIG-IP versions 14.1.x prior to 14.1.4.6: Upgrade to version 14.1.4.6 or later.
F5 BIG-IP versions 15.1.x prior to 15.1.5.1: Upgrade to version 15.1.5.1 or later.
F5 BIG-IP versions 16.1.x prior to 16.1.2.2: Upgrade to version 16.1.2.2 or later.
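The affected and fixed versions above are per release branch, so an inventory check has to compare within the branch rather than against a single cut-off. The following is an added example, not part of this advisory or of any F5 tooling: it transcribes the ranges above into a small triage function; the hostnames and versions in the sample inventory are constructed.

```python
"""Classify installed BIG-IP versions against the CVE-2022-1388 fix versions listed above."""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Transcribed from the advisory: (major, minor) branch -> first fixed version,
# or None where the advisory only says "upgrade to a supported version".
FIXED_IN: Dict[Tuple[int, int], Optional[Version]] = {
    (11, 6): None,
    (12, 1): None,
    (13, 1): (13, 1, 5),
    (14, 1): (14, 1, 4, 6),
    (15, 1): (15, 1, 5, 1),
    (16, 1): (16, 1, 2, 2),
}


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version such as '15.1.4.1' into a comparable tuple.
    Tuples compare lexicographically, so (15, 1, 5) < (15, 1, 5, 1) as intended."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"expected at least major.minor, got {text!r}")
    return parts


def assess(version: str) -> Tuple[str, str]:
    """Return (status, action): status is 'affected', 'fixed' or 'unlisted'
    (branch not named by the advisory, e.g. 17.x)."""
    v = parse_version(version)
    branch = v[:2]
    if branch not in FIXED_IN:
        return "unlisted", "branch not covered by this advisory; check vendor guidance"
    fixed = FIXED_IN[branch]
    if fixed is None:
        return "affected", "branch has no fix; upgrade to a supported version"
    if v < fixed:
        return "affected", "upgrade to " + ".".join(map(str, fixed)) + " or later"
    return "fixed", "no action for CVE-2022-1388"


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Assess a hostname -> version map (constructed sample data in __main__)."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    sample = {"lb-edge-01": "16.1.2.1", "lb-edge-02": "16.1.2.2",
              "lb-core-01": "13.1.5", "lb-legacy-01": "12.1.6"}
    for host, (status, action) in triage(sample).items():
        print(f"{host}: {status} - {action}")
```

Versions carrying build suffixes or hotfix labels are not handled; strip them to the dotted numeric form first.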

Tags: Exploit · Fix · RCE · Missing Authentication


Weakness Enumeration

Related Identifiers: BDU:2022-02849, CVE-2022-1388

Affected Products: Big-Ip