Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

F5 Releases Security Updates for BIG-IP Product Lines

Scheduled quarterly updates for F5 address 1 critical and 17 high impact vulnerabilities

Report a cyber attack: call 0300 303 5222 or email [email protected]


Scheduled quarterly updates for F5 address 1 critical and 17 high impact vulnerabilities

Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

Many F5 products are affected by at least one of these vulnerabilities. Please review the advisories listed below for a full list of affected products.

Threat details


F5 have released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IQ Centralized Management. Security exposures and 43 vulnerabilities are included in the advisory, with 1 Critical impact, 17 High impact, 24 Medium impact, and 1 Low impact vulnerabilities.

A remote unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.

Exploitation in the wild

Exploits for CVE-2022-1388 are publicly available and there are reports of exploitation in the wild

Threat updates

Date Update
20 May 2022 CISA issue alert about exploitation of F5 BIG-IP CVE-2022-1388

Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have issued Alert (AA22-138A): Threat Actors Exploiting F5 BIG-IP CVE-2022-1388, which urges organisations using F5 BIG-IP to apply updates and check systems for signs of compromise. CISA and MS-ISAC expect widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector network. The alert includes CISA-created Snort signatures that can be used for detecting signs of possible compromise, and links to additional sources of indicators of compromise.

10 May 2022 CVE-2022-1388 is being exploited in the wild

There are reports from multiple sources that CVE-2022-1388 being exploited in the wild and exploits are publicly available.

9 May 2022 Proof-of-Concept code has been developed for CVE-2022-1388

Security researchers from Horizon3 and Positive Technologies both claim to have developed an exploit for CVE-2022-1388, and Horizon3 have said that they will publish their proof-of-concept code this week. There are also some unconfirmed reports of exploitation of CVE-2022-1388 in the wild.

Remediation advice

Affected organisations are encouraged to review F5 May 2022 Quarterly Security Notification and apply any relevant updates or mitigations.

Definitive source of threat updates

Last edited: 20 May 2022 4:09 pm