F5 Releases Security Updates for BIG-IP Product Lines

Scheduled quarterly updates for F5 address 1 critical and 17 high impact vulnerabilities

Threat ID:: CC-4089
Threat Severity:: Medium
Published:: 6 May 2022 3:40 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled quarterly updates for F5 address 1 critical and 17 high impact vulnerabilities

Affected platforms

The following platforms are known to be affected:

F5 BIG-IP (All Modules)

F5 BIG-IQ

The following platforms are also known to be affected:

Many F5 products are affected by at least one of these vulnerabilities. Please review the advisories listed below for a full list of affected products.

Threat details

Introduction

F5 have released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IQ Centralized Management. Security exposures and 43 vulnerabilities are included in the advisory, with 1 Critical impact, 17 High impact, 24 Medium impact, and 1 Low impact vulnerabilities.

A remote unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.

Exploitation in the wild

Exploits for CVE-2022-1388 are publicly available and there are reports of exploitation in the wild

Threat updates

Date	Update
20 May 2022	CISA issue alert about exploitation of F5 BIG-IP CVE-2022-1388 Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have issued Alert (AA22-138A): Threat Actors Exploiting F5 BIG-IP CVE-2022-1388, which urges organisations using F5 BIG-IP to apply updates and check systems for signs of compromise. CISA and MS-ISAC expect widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector network. The alert includes CISA-created Snort signatures that can be used for detecting signs of possible compromise, and links to additional sources of indicators of compromise.
10 May 2022	CVE-2022-1388 is being exploited in the wild There are reports from multiple sources that CVE-2022-1388 being exploited in the wild and exploits are publicly available.
9 May 2022	Proof-of-Concept code has been developed for CVE-2022-1388 Security researchers from Horizon3 and Positive Technologies both claim to have developed an exploit for CVE-2022-1388, and Horizon3 have said that they will publish their proof-of-concept code this week. There are also some unconfirmed reports of exploitation of CVE-2022-1388 in the wild.

Remediation advice

Affected organisations are encouraged to review F5 May 2022 Quarterly Security Notification and apply any relevant updates or mitigations.

Definitive source of threat updates

https://support.f5.com/csp/article/K55879220

CVE Vulnerabilities