Service Notices
F5 BIG-IP Remote Code Execution Vulnerability (CVE-2022-1388)
May 07, 2022 GMT+08:00
I. Overview
Recently, F5 published a security advisory on its official website disclosing a remote code execution vulnerability (CVE-2022-1388) in F5 BIG-IP. The vulnerability lies in the iControl REST component: an attacker who can reach iControl REST may send requests that bypass its authentication and then execute arbitrary commands, create or delete files, or disable services.
The BIG-IP Local Traffic Manager (LTM) is a widely deployed application traffic management system. If you are an F5 BIG-IP user, check your versions and apply security hardening promptly.
Reference:
https://support.f5.com/csp/article/K23605346
II. Severity
Severity: important
(Severity scale: low, moderate, important, critical)
III. Affected Products
Affected versions:
BIG-IP 16.x: 16.1.0 - 16.1.2
BIG-IP 15.x: 15.1.0 - 15.1.5
BIG-IP 14.x: 14.1.0 - 14.1.4
BIG-IP 13.x: 13.1.0 - 13.1.4
BIG-IP 12.x: 12.1.0 - 12.1.6
BIG-IP 11.x: 11.6.1 - 11.6.5
Secure versions:
BIG-IP 17.x: 17.0.0
BIG-IP 16.x: 16.1.2.2
BIG-IP 15.x: 15.1.5.1
BIG-IP 14.x: 14.1.4.6
BIG-IP 13.x: 13.1.5
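The version tables above are easy to misread by hand, particularly where a four-part build such as 16.1.2.2 sits just above the affected 16.1.2. The following is an added example, not code from F5 or from this notice, that classifies a BIG-IP version string against exactly the ranges listed here. It assumes the version strings come from your own inventory (the sample list in main() is constructed), compares numerically so that 16.1.2.2 sorts above 16.1.2, and returns "not listed" for versions the notice does not cover (including 11.x and 12.x, for which no secure version is listed), which is a cue to consult the F5 advisory rather than a statement of safety.

```python
"""Classify BIG-IP versions against the CVE-2022-1388 affected/secure tables.

Added example; the tables below are transcribed from this notice, everything
else is an assumption of the example.
"""
from __future__ import annotations

# Inclusive affected ranges, as listed in section III.
AFFECTED_RANGES = [
    ("16.1.0", "16.1.2"),
    ("15.1.0", "15.1.5"),
    ("14.1.0", "14.1.4"),
    ("13.1.0", "13.1.4"),
    ("12.1.0", "12.1.6"),
    ("11.6.1", "11.6.5"),
]

# Secure releases, as listed in section III. Note there is none for 11.x or 12.x.
SECURE_VERSIONS = ["17.0.0", "16.1.2.2", "15.1.5.1", "14.1.4.6", "13.1.5"]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '16.1.2.2' into (16, 1, 2, 2) so tuple comparison orders builds numerically."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """Return 'fixed', 'affected', or 'not listed' for one BIG-IP version string."""
    v = parse_version(version)

    # A build at or above the secure release of the same major version is fixed.
    # Python tuple ordering gives (16, 1, 2) < (16, 1, 2, 2), which is what we want.
    for fixed in SECURE_VERSIONS:
        f = parse_version(fixed)
        if v[0] == f[0] and v >= f:
            return "fixed"

    # Otherwise, anything inside an affected range is vulnerable.
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v <= parse_version(hi):
            return "affected"

    # Outside every range in this notice: check the F5 advisory (K23605346).
    return "not listed"


def main() -> None:
    # Constructed sample inventory; replace with output from your own asset list.
    inventory = {
        "ltm-edge-01": "16.1.2",
        "ltm-edge-02": "16.1.2.2",
        "ltm-core-01": "15.1.5",
        "ltm-lab-01": "12.1.7",
    }
    for host, ver in inventory.items():
        print(f"{host:<12} {ver:<10} {classify(ver)}")


if __name__ == "__main__":
    main()
```

Because 11.x and 12.x have no secure version in this notice, a 12.1.7 host prints "not listed" rather than "fixed"; treat that result as unresolved and confirm against the advisory before closing the ticket.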
IV. Vulnerability Handling
Secure versions have been officially released. Upgrade to a secure version.
If the upgrade cannot be performed promptly, apply the workarounds provided in the F5 advisory to reduce exposure in the meantime.
https://support.f5.com/csp/article/K23605346
Note: Before applying the fix, back up your files and configuration and test the change thoroughly.