CVE-2022-1388: F5 Big-IP iControl REST Vulnerability Updates

Last updated: 08/05/2022 at 8:17 UTC

Vulnerability Replicated by PT (Russian cyber company)

Uptick in activity:

Scanner for the API (not the vuln)

F5 have published an advisory on a pretty serious issue (CVSSv3 9.8 score) in the iControl REST component of their BIG-IP load balancers:

Key fragment:

Impact

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

While untrusted randos probably shouldn’t have access to your control/management network/vlan, it’d be best to install the patch sooner rather than later. If you can’t patch, then the link contains mitigation instructions.
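Since the advisory's whole point is that the exposure is the control plane (management port and self IPs), the first thing worth checking is who is actually reaching iControl REST. The script below is an added example, not code from the thread or from F5: it triages constructed BIG-IP httpd access log lines, flags any /mgmt/ request from a source outside an assumed management allowlist, and escalates requests to /mgmt/tm/util/bash, the iControl REST endpoint that runs shell commands. The allowlist CIDRs, the log format and the sample lines are all assumptions.

```python
"""
Added example (not from the thread or from F5): triage BIG-IP httpd
access log lines for iControl REST requests that reach the control
plane from outside the management networks.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Assumed management networks; replace with your own. (assumption)
MGMT_ALLOWLIST = [
    ipaddress.ip_network("10.0.100.0/24"),
    ipaddress.ip_network("192.168.50.0/24"),
]

# Apache combined-style line; the exact BIG-IP httpd format is assumed.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# iControl REST endpoint that executes shell commands on the box.
BASH_UTIL = "/mgmt/tm/util/bash"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: Dict[str, str]) -> str:
    """Verdict for one parsed request, based on path and source network."""
    path = entry["path"]
    if not path.startswith("/mgmt/"):
        return "ignore"                      # data plane / TMUI, out of scope here
    try:
        src = ipaddress.ip_address(entry["src"])
    except ValueError:
        return "malformed"
    trusted = any(src in net for net in MGMT_ALLOWLIST)
    if path.startswith(BASH_UTIL) and entry["method"] == "POST":
        # Command execution endpoint: always worth a look, critical if untrusted.
        return "INFO-bash-from-mgmt" if trusted else "CRITICAL-bash-from-untrusted"
    return "allowed" if trusted else "WARN-rest-from-untrusted"


def triage(lines: List[str]) -> List[Tuple[str, str, str, str, str]]:
    """Return (src, method, path, status, verdict) for every noteworthy request."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict in ("ignore", "allowed"):
            continue
        findings.append((entry["src"], entry["method"], entry["path"],
                         entry["status"], verdict))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.100.7 - - [05/May/2022:10:01:22 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 200 1833',
    '203.0.113.45 - - [05/May/2022:10:02:10 +0000] "GET /mgmt/shared/authn/login HTTP/1.1" 401 97',
    '203.0.113.45 - - [05/May/2022:10:02:11 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 412',
    '198.51.100.9 - - [05/May/2022:10:03:00 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 2103',
    '10.0.100.7 - - [05/May/2022:10:05:41 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" ".join(finding))
```

Anything tagged WARN means the control plane is reachable from a network it should not be, which is the configuration problem to fix regardless of patch status; CRITICAL means command execution was attempted from there and the box should be treated as suspect until proven otherwise.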

At the moment it seems like the industry is getting flooded by CVEs popping up in numerous networking devices from so many different vendors.

With network access. This is like a monthly thing with F5.

Mgmt plane should not even be accessible for attackers … Mgmt should be restricted to dedicated systems / networks


“that may allow unauthenticated attackers with network access.” it’s right there in the first sentence.

GreyNoise is tracking probes via this tag: GreyNoise Trends