F5 released a security advisory relating to multiple Critical and High rated CVEs.
Multiple Critical and High-risk vulnerabilities exist in certain versions of F5 products.
As of 10 May 2022, the ACSC is aware of malicious cyber actors actively exploiting vulnerable versions of F5 products in Australia and globally.
Given the widespread exploitation of this vulnerability, the ACSC encourages all organisations to assume their F5 products may have been compromised and initiate investigative procedures in addition to applying security patches.
Background / What has happened?
In May 2022, F5 released a security advisory relating to multiple Critical and High rated CVEs, including CVE-2022-1388 with a CVSS score of 9.8, affecting multiple versions of their BIG-IP product line.
CVE-2022-1388 allows malicious actors to bypass authentication on internet-exposed iControl interfaces, potentially executing arbitrary commands, creating or deleting files, or disabling services.
The ACSC is aware of Proof-of-Concept code exploiting CVE-2022-1388 and attempts by malicious actors to exploit this vulnerability on Australian networks.
Mitigation / How do I stay secure?
Patches are available for all High and Critical rated CVEs in F5's security advisory, and most have mitigation actions in the event that immediate patching is not possible.
The ACSC recommends that F5 users continue to monitor the F5 website for updates and future vulnerabilities.