BIG-IP iControl REST Critical Authentication Bypass Vulnerability – CVE-2022-1388

On Wednesday, May 4, 2022, F5 disclosed a critical-severity vulnerability impacting the iControl REST authentication of BIG-IP systems, tracked as CVE-2022-1388. If successfully exploited, the vulnerability leads to authentication bypass, which could allow a threat actor to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffix SDC are not impacted by CVE-2022-1388.

Recommendations for CVE-2022-1388

Due to the severity of this vulnerability and the widespread deployment of BIG-IP products in critical environments, Arctic Wolf recommends patching any affected versions of BIG-IP as soon as possible if they exist within your environment.

Affected Versions:

  • BIG-IP versions 16.1.0 to 16.1.2
  • BIG-IP versions 15.1.0 to 15.1.5
  • BIG-IP versions 14.1.0 to 14.1.4
  • BIG-IP versions 13.1.0 to 13.1.4
  • BIG-IP versions 12.1.0 to 12.1.6
  • BIG-IP versions 11.6.1 to 11.6.5

We strongly recommend reviewing the recommendations below for this vulnerability.

Recommendation #1: Apply Applicable Security Updates

F5 released security fixes in the latest versions of BIG-IP for CVE-2022-1388. The fixes are in v17.0.0, v16.1.2.2, v15.1.5.1, v14.1.4.6, and v13.1.5. The branches of 12.x and 11.x will not receive a fixing patch.

We strongly recommend reviewing the published security updates and applying all applicable security updates to impacted products within your environment.
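To help triage a fleet against the affected and fixed versions listed above, here is a small version classifier. It is an added example, not Arctic Wolf's or F5's code; it assumes the input is the dotted "Version" value reported by the BIG-IP system (for example from `tmsh show sys version`) and encodes only the ranges and fix releases stated in this advisory.

```python
"""CVE-2022-1388 triage: classify a BIG-IP version string (added example).

Assumption: the version is a plain dotted string such as "16.1.2.1".
Branches 12.x and 11.x are listed as affected with no fixing patch.
"""
from typing import Optional, Tuple

# Inclusive affected range (first three fields) and fixed release per
# major branch, as given in the advisory. None means no fix is coming.
AFFECTED = {
    16: ((16, 1, 0), (16, 1, 2), "16.1.2.2"),
    15: ((15, 1, 0), (15, 1, 5), "15.1.5.1"),
    14: ((14, 1, 0), (14, 1, 4), "14.1.4.6"),
    13: ((13, 1, 0), (13, 1, 4), "13.1.5"),
    12: ((12, 1, 0), (12, 1, 6), None),
    11: ((11, 6, 1), (11, 6, 5), None),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.1.2.1' into (16, 1, 2, 1); non-numeric fields raise ValueError."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_release).

    status is one of: 'fixed' (at or beyond the fixed release),
    'affected' (inside an affected range with a fix available),
    'unfixed-branch' (affected 12.x/11.x, no patch; upgrade branch),
    'not-listed' (branch or point release not covered by the advisory).
    """
    v = parse_version(version)
    entry = AFFECTED.get(v[0])
    if entry is None:
        return ("not-listed", None)
    low, high, fix = entry
    # Check the fix first: 16.1.2.2 sits inside the 16.1.0-16.1.2 range
    # on its first three fields but is the patched build.
    if fix is not None and v >= parse_version(fix):
        return ("fixed", fix)
    if low <= v[:3] <= high:
        return ("unfixed-branch", None) if fix is None else ("affected", fix)
    return ("not-listed", fix)
```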

Recommendation #2: Restrict Access to iControl REST to Trusted Networks Only if Updating Is Not Possible

F5 has provided the following effective mitigations that may be used temporarily by those who cannot apply the security updates immediately:

  1. Block all access to the iControl REST interface of your BIG-IP system through self IP addresses.
  2. Restrict access only to trusted users and devices via the management interface.
  3. Modify the BIG-IP httpd configuration.

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.