Attackers have been actively exploiting a critical vulnerability in the BIG-IP load balancer offered by F5, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
F5 disclosed the vulnerability, which it has identified as CVE-2022-1388, on May 4. The company said at the time that "this vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services."
CVE-2022-1388 received a rating of 9.8 out of 10 on the Common Vulnerability Scoring System. CISA added the vulnerability to the Known Exploited Vulnerabilities Catalog—a running list of security flaws known to have been exploited by hackers that debuted in November 2021—on May 11. Now the agency is again telling organizations to immediately address this vulnerability.
"According to public reporting," the agency says in an alert, "there is active exploitation of this vulnerability, and CISA and [the Multi-State Information Sharing & Analysis Center] expect to see widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector networks."
The alert includes additional information about the versions of BIG-IP affected by this vulnerability, detection methods, guidance for incident response teams handling attacks involving this flaw, and mitigations for organizations running the load balancer. (These essentially amount to installing the patches released by F5 and continuing to adopt industry best practices.)
CISA says