CISA warns hackers are exploiting flaw in F5’s BIG-IP

Attackers have actively exploited a critical vulnerability in F5’s BIG-IP load balancer, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

F5 disclosed the vulnerability, identified as CVE-2022-1388, on May 4. The company said at the time that “this vulnerability could allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or proprietary IP addresses to execute arbitrary system commands, create or delete files, or disable services.”

CVE-2022-1388 was rated 9.8 out of 10 on the Common Vulnerability Scoring System. On May 11, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog – a list, which debuted in November 2021, of security vulnerabilities known to have been exploited by hackers. Now, the agency is once again telling organizations to address this vulnerability immediately.

“According to public reports,” the agency said in a warning, “there is active exploitation of this vulnerability, and CISA and [the Multi-State Information Sharing & Analysis Center] expect widespread exploitation of unpatched F5 BIG-IP devices (usually with publicly accessible management ports or self-IPs) in both government and private networks.”

The alert contains additional information about the versions of BIG-IP affected by this vulnerability, detection methods, guidelines for incident response teams handling attacks that use this flaw, and solutions for organizations using the load balancer. (Basically, that comes down to installing the patches released by F5 and continuing to apply industry best practices.)

CISA says it and MS-ISAC “encourage organizations that don’t patch immediately or whose F5 BIG-IP device management interface is exposed to the Internet to make compromises.” Such organizations are then advised to use the information in the alert to look for signs of compromise on their networks and act accordingly.
