F5 BIG-IP Critical Vulnerability Timeline

What is F5 BIG-IP?

The BIG-IP platform is a series of hardware and software products that help companies with application availability, access control, and security. BIG-IP products are widely used, with more than 16,000 devices exposed to the internet, often in critical environments.

Overview of F5 BIG-IP Vulnerability

Vulnerability Overview

CVE-2022-1388 is a critical CVSSv3.1 9.8 out of 10, actively exploited vulnerability in BIG-IP iControl REST. This vulnerability allows an attacker to bypass authentication to execute arbitrary commands, create or delete files, and disable services on F5 BIG-IP devices.*

Attackers could use the vulnerability to gain initial access to a network from the outside (if the BIG-IP control plan is exposed to the internet) and move laterally within the network. 

Multiple proof of concept (POC) exploits exist today, and if you haven’t patched your systems, you should assume you have been compromised. The below versions of BIG-IP are vulnerable to attack and should be patched accordingly.

list of vulnerable versions of f5 big ip

*BIG-IQ centralized Management, F5OS-A, F5OS-C, and Traffic SDC are not impacted by the vulnerability.

Timeline of Events

May 4, 2022 
  • F5 patched and notified users of a vulnerability in BIG-IP iControl REST that allowed authentication bypass to execute arbitrary commands, create or delete files, or disable services

  • CISA issues advisory urging administrators to patch or apply workarounds to mitigate CVE-2022-1388

May 7, 2022
May 10, 2022 

Recommended Mitigation

F5 offered three temporary mitigations in addition to patching systems to the latest version. Automox recommends patching to the latest applicable version of BIG-IP immediately if you are vulnerable to attack.

Temporary Mitigation Options

F5 has issued three options for temporary mitigations if you are unable to patch your systems immediately. 

This vulnerability is currently being exploited in the wild. If you have vulnerable systems in your environment and have not yet applied patches or F5’s temporary workarounds, you should assume compromise.

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. 

Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.

Dive deeper into this topic