High Security Alert (A22-05-04): Vulnerability in F5 BIG-IP

Description:

F5 has published a security advisory to address a vulnerability in F5 devices. The details about the vulnerability and associated fixes can be found at the following website:

https://support.f5.com/csp/article/K23605346

Further to our Security Alert (A22-05-04), reports indicate that the vulnerability (CVE-2022-1388) is being exploited in the wild. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

For detailed information on the affected BIG-IP versions and the corresponding security patches, please refer to the following vendor's URL:
https://support.f5.com/csp/article/K23605346

Affected Systems:

• BIG-IP versions 16.1.0 - 16.1.2
• BIG-IP versions 15.1.0 - 15.1.5
• BIG-IP versions 14.1.0 - 14.1.4
• BIG-IP versions 13.1.0 - 13.1.4
• BIG-IP versions 12.1.0 - 12.1.6
• BIG-IP versions 11.6.1 - 11.6.5

Impact:

Successful exploitation of the vulnerability could lead to remote command execution, data manipulation or denial of service on an affected system.

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

System administrators are advised to follow the security best practice to only permit management access to the products over a secure network and limit shell access to trusted users.

More Information:

• https://support.f5.com/csp/article/K23605346
• https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities_20220505
• https://www.cisa.gov/uscert/ncas/current-activity/2022/05/04/f5-releases-security-advisories-addressing-multiple
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1388