F5 Releases Security Updates for BIG-IP Product Lines

Scheduled quarterly updates for F5 address 1 critical and 17 high impact vulnerabilities

Threat ID:: CC-4089
Threat Severity:: Medium
Published:: 6 May 2022 3:40 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled quarterly updates for F5 address 1 critical and 17 high impact vulnerabilities

Affected platforms

The following platforms are known to be affected:

F5 BIG-IP (All Modules)

F5 BIG-IQ

The following platforms are also known to be affected:

Many F5 products are affected by at least one of these vulnerabilities. Please review the advisories listed below for a full list of affected products.

Threat details

Introduction

F5 have released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IQ Centralized Management. Security exposures and 43 vulnerabilities are included in the advisory, with 1 Critical impact, 17 High impact, 24 Medium impact, and 1 Low impact vulnerabilities.

A remote unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.

Exploitation in the wild

Exploits for CVE-2022-1388 are publicly available and there are reports of exploitation in the wild

Threat updates

Date	Update
20 May 2022	CISA issue alert about exploitation of F5 BIG-IP CVE-2022-1388 Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have issued Alert (AA22-138A): Threat Actors Exploiting F5 BIG-IP CVE-2022-1388, which urges organisations using F5 BIG-IP to apply updates and check systems for signs of compromise. CISA and MS-ISAC expect widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector network. The alert includes CISA-created Snort signatures that can be used for detecting signs of possible compromise, and links to additional sources of indicators of compromise.
10 May 2022	CVE-2022-1388 is being exploited in the wild There are reports from multiple sources that CVE-2022-1388 being exploited in the wild and exploits are publicly available.
9 May 2022	Proof-of-Concept code has been developed for CVE-2022-1388 Security researchers from Horizon3 and Positive Technologies both claim to have developed an exploit for CVE-2022-1388, and Horizon3 have said that they will publish their proof-of-concept code this week. There are also some unconfirmed reports of exploitation of CVE-2022-1388 in the wild.

Remediation advice

Affected organisations are encouraged to review F5 May 2022 Quarterly Security Notification and apply any relevant updates or mitigations.