On Wednesday, May 4, 2022, F5 disclosed a critical-severity vulnerability impacting the iControl REST authentication of BIG-IP systems being tracked as CVE-2022-1388. If successfully exploited, the vulnerability could lead to Authentication Bypass, which could allow a threat actor to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC are not impacted by CVE-2022-1388
Recommendations for CVE-2022-1388
Due to the severity of this vulnerability and the widespread deployment of BIG-IP products in critical environments, Arctic Wolf recommends patching any affected versions of BIG-IP as soon as possible if they exist within your environment.
- BIG-IP versions 16.1.0 to 16.1.2
- BIG-IP versions 15.1.0 to 15.1.5
- BIG-IP versions 14.1.0 to 14.1.4
- BIG-IP versions 13.1.0 to 13.1.4
- BIG-IP versions 12.1.0 to 12.1.6
- BIG-IP versions 11.6.1 to 11.6.5
We strongly recommend reviewing the recommendations below this vulnerability.
Recommendation #1: Apply Applicable Security Updates
F5 released security fixes in the latest versions of BIG-IP for CVE-2022-1388. The fixes are in v17.0.0, v22.214.171.124, v126.96.36.199, v188.8.131.52, and v13.1.5. The branches of 12.x and 11.x will not receive a fixing patch.
We strongly recommend reviewing the published security updates and applying all applicable security updates to impacted products within your environment.
Recommendation #2: Restrict Access to iControl REST to only trusted networks if updating not possible
F5 has provided the following effective mitigations that may be used temporarily for those who can’t apply the security updates immediately
- Block all access to the iControl REST interface of your BIG-IP system through self IP addresses.
- Restrict access only to trusted users and devices via the management interface.
- Modify the BIG-IP httpd configuration.
- F5 Advisory CVE-2022-1388: https://support.f5.com/csp/article/K23605346
- CISA: F5 Releases Security Advisories: https://www.cisa.gov/uscert/ncas/current-activity/2022/05/04/f5-releases-security-advisories-addressing-multiple