F5 BIG-IP Missing Authentication Vulnerability (CVE-2022-1388)
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-05-31 under CISA BOD 22-01.
This is a Missing Authentication for Critical Function (CWE-306) vulnerability in F5 BIG-IP. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Used in known ransomware campaigns. Threat-research write-up: http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.