F5 warns users about a recently disclosed remote code execution vulnerability. The vulnerability, tracked as CVE-2022-1388, has a CVSS score of 9.8. The vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system to execute arbitrary system commands, create or delete files, or disable services.
BIG-IP iControl REST
It affects the BIG-IP iControl REST authentication component, allowing hackers to bypass authentication. According to the announcement, the affected versions are:
- 16.1.0 – 16.1.2
- 15.1.0 – 15.1.5
- 14.1.0 – 14.1.4
- 13.1.0 – 13.1.4
- 12.1.0 – 12.1.6
- 11.6.1 – 11.6.5
The company released fixes in versions 17.0.0, 18.104.22.168, 22.214.171.124, 126.96.36.199, and 13.1.5. F5 also stated that versions 11.x and 12.x will not receive the updates and advised users to upgrade to a higher version or apply workarounds, which are:
- Block iControl REST access through the self IP address
- Block iControl REST access through the management interface
- Modify the BIG-IP httpd configuration
F5 stated that the issue was discovered internally by F5. Researchers from Horizon3 and Positive Technologies also stated that they had created exploits.