CISA warns that hackers are exploiting a flaw in F5’s BIG-IP

Attackers have been actively exploiting a critical vulnerability in the BIG-IP load balancer offered by F5, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

F5 revealed the vulnerability, which has been identified as CVE-2022-1388, on May 4. The company said at the time that “this vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or proprietary IP addresses to execute arbitrary system commands, create or delete files, or disable services”.

CVE-2022-1388 received a rating of 9.8 out of 10 on the Common Vulnerability Scoring System. On May 11, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, an updated list of security flaws known to have been exploited by hackers that debuted in November 2021. Now, the agency is again telling organizations to address this vulnerability immediately.

“According to public reports,” the agency says in an alert, “there is active exploitation of this vulnerability, and CISA and [the Multi-State Information Sharing & Analysis Center] expect to see widespread exploitation of unpatched F5 BIG-IP devices (mainly with publicly exposed management ports or proprietary IPs) in government and private sector networks.”

The alert includes additional information about the BIG-IP versions affected by this vulnerability, detection methods, guidance for incident response teams handling attacks involving this flaw, and mitigations for organizations running the load balancer (which essentially amount to installing the patches released by F5 and continuing to adopt industry best practices).

CISA says that it and MS-ISAC “encourage organizations that did not immediately apply patches or whose F5 BIG-IP device management interface has been exposed to the Internet to take compromises.” Such organizations are then encouraged to use the information provided in the alert to look for signs of compromise in their networks and respond accordingly.
