
BIG-IP iControl REST Critical Authentication Bypass Vulnerability - CVE-2022-1388

On Wednesday, May 4, 2022, F5 disclosed a critical-severity vulnerability in the iControl REST authentication of BIG-IP systems, tracked as CVE-2022-1388. If successfully exploited, the vulnerability leads to an authentication bypass that could allow a threat actor to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC are not impacted by CVE-2022-1388.

Recommendations for CVE-2022-1388

Due to the severity of this vulnerability and the widespread deployment of BIG-IP products in critical environments, Arctic Wolf recommends patching any affected versions of BIG-IP as soon as possible if they exist within your environment.

Affected Versions:

  • BIG-IP versions 16.1.0 to 16.1.2
  • BIG-IP versions 15.1.0 to 15.1.5
  • BIG-IP versions 14.1.0 to 14.1.4
  • BIG-IP versions 13.1.0 to 13.1.4
  • BIG-IP versions 12.1.0 to 12.1.6
  • BIG-IP versions 11.6.1 to 11.6.5

We strongly recommend reviewing the recommendations below for this vulnerability.

Recommendation #1: Apply Applicable Security Updates

F5 released security fixes in the latest versions of BIG-IP for CVE-2022-1388. The fixes are in v17.0.0, v16.1.2.2, v15.1.5.1, v14.1.4.6, and v13.1.5. The branches of 12.x and 11.x will not receive a fixing patch.

We strongly recommend reviewing the published security updates and applying all applicable security updates to impacted products within your environment.
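To turn the affected and fixed version lists above into a repeatable check across an estate of BIG-IP devices, here is an added Python helper; it is not tooling from F5 or Arctic Wolf. The branch table encodes only the versions this advisory states (affected ranges, the fixed releases, and the absence of a fix for 12.x and 11.x). The function names, the status strings, the build-suffix handling and the device inventory in `main()` are illustrative assumptions.

```python
"""Triage BIG-IP version strings against the CVE-2022-1388 advisory.

Added example, not tooling from F5 or Arctic Wolf. The branch table below
encodes only the affected and fixed versions stated in the advisory; the
helper names, return values and the inventory in main() are assumptions.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (branch, first affected, last affected, first fixed release).
# None means the advisory says no fix will be issued for that branch.
BRANCHES: List[Tuple[Version, Version, Version, Optional[Version]]] = [
    ((16, 1), (16, 1, 0), (16, 1, 2), (16, 1, 2, 2)),
    ((15, 1), (15, 1, 0), (15, 1, 5), (15, 1, 5, 1)),
    ((14, 1), (14, 1, 0), (14, 1, 4), (14, 1, 4, 6)),
    ((13, 1), (13, 1, 0), (13, 1, 4), (13, 1, 5)),
    ((12, 1), (12, 1, 0), (12, 1, 6), None),
    ((11, 6), (11, 6, 1), (11, 6, 5), None),
]
FIRST_FIXED_MAJOR: Version = (17, 0, 0)  # v17.0.0 ships the fix


def parse_version(text: str) -> Version:
    """Turn '16.1.2.1' into (16, 1, 2, 1), padded to at least three parts.

    A trailing build suffix such as '-0.0.10' is dropped (assumed format of
    the version string an operator copies from `tmsh show sys version`).
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def classify(text: str) -> str:
    """Return 'affected', 'affected-no-fix', 'fixed' or 'not-listed'.

    The comparison is branch-aware so that a four-part hotfix such as
    16.1.2.2 counts as fixed while 16.1.2.1 still counts as affected.
    """
    v = parse_version(text)
    if v >= FIRST_FIXED_MAJOR:
        return "fixed"
    for branch, first, last, fixed in BRANCHES:
        if v[:2] != branch:
            continue
        if fixed is not None and v >= fixed:
            return "fixed"
        if first <= v and v[:3] <= last:
            return "affected" if fixed is not None else "affected-no-fix"
        return "not-listed"
    return "not-listed"


# Recommended action per status, following the advisory's two recommendations.
ACTIONS = {
    "affected": "upgrade to the fixed release for this branch",
    "affected-no-fix": "no patch planned: move to a supported branch; apply interim mitigations meanwhile",
    "fixed": "no action needed for CVE-2022-1388",
    "not-listed": "not in the advisory's affected list; confirm against F5's own matrix",
}


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Map each device name to (status, recommended action)."""
    result: Dict[str, Tuple[str, str]] = {}
    for name, version in inventory.items():
        status = classify(version)
        result[name] = (status, ACTIONS[status])
    return result


if __name__ == "__main__":
    # Constructed sample inventory; device names and versions are made up.
    sample = {
        "lb-edge-01": "16.1.2.1",
        "lb-edge-02": "16.1.2.2-0.0.10",
        "lb-core-01": "14.1.4.6",
        "lb-legacy-01": "12.1.6",
        "lb-dev-01": "17.0.0",
    }
    for name, (status, action) in triage(sample).items():
        print(f"{name:14} {status:16} {action}")
```

Versions outside the listed branches (for example a 16.0.x release) come back as `not-listed` rather than `fixed`, because the advisory says nothing about them; treat that status as "check the vendor matrix", not as a clean bill of health.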

Recommendation #2: Restrict Access to iControl REST to Trusted Networks Only if Updating Is Not Possible

F5 has provided the following effective mitigations that may be used temporarily by those who cannot apply the security updates immediately:

  1. Block all access to the iControl REST interface of your BIG-IP system through self IP addresses.
  2. Restrict access only to trusted users and devices via the management interface.
  3. Modify the BIG-IP httpd configuration.

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.