According to researchers, F5 BIG-IP devices currently have a remote code execution (RCE) vulnerability that threat actors could exploit in numerous ways. BIG-IP users are urged to apply the latest security patch to avoid becoming a target.
F5 has disclosed a critical remote code execution flaw, tracked by researchers as CVE-2022-1388, in BIG-IP networking devices. The flaw was discovered only a week ago, which gave researchers the time to create updates.
The critical flaw affects the BIG-IP iControl REST authentication component and enables remote attackers to bypass authentication and execute commands on the device with the highest privileges.
The affected devices are primarily used in enterprise environments. Attackers who exploit the vulnerability could obtain initial access to networks and move laterally to other machines.
However, the flaw only impacts the management interface of the device that is exposed to the internet.
The recently discovered flaw in F5 BIG-IP is very alarming because threat actors can conduct several different attack chains against the devices.
Several researchers have developed exploits for F5 BIG-IP’s new critical vulnerability. It only took them a couple of days to design the exploit, and they expect that several threat groups may also notice the root cause quickly.
The impact of this exploit could be significant, as it gives threat actors the ability to acquire root access to compromised devices. There are about 2,500 vulnerable devices exposed to the internet, making this a significant threat to many organisations.
On the brighter side, F5 has already released BIG-IP security updates that administrators can apply for specific firmware versions. However, devices running 11.x and 12.x firmware versions will not receive security updates. Furthermore, the company has released three mitigation techniques for those who cannot update their BIG-IP devices.
As of today, researchers have not spotted any exploitation of this RCE flaw in the wild. However, experts suspect that many threat actors may notice the root cause of the flaw and start taking advantage of the vulnerability very soon.
Patch management is the only ally for most users, since it can help protect against such threats.