Attackers are trying to use the critical F5 BIG-IP RCE


Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution flaw that affects F5 BIG-IP multi-purpose networking devices/modules. At the same time, exploitation attempts in the wild have been detected.

CVE-2022-1388 PoC exploits

Security researchers began sharing evidence of their successful attempts to exploit CVE-2022-1388 over the weekend:

The Horizon3 Attack Team has announced that it will release a PoC this week.

Researcher Kevin Beaumont also noted exploitation attempts:

Patch or mitigate the risk of exploitation

CVE-2022-1388 is a flaw that unauthenticated remote attackers can use to take over vulnerable BIG-IP devices and then execute system commands, create or delete files, or disable services.

The vulnerability was disclosed last week by F5, along with many other less critical flaws. The company warned that it can be exploited through the device's management port and/or self IP addresses, and urged administrators to upgrade their BIG-IP installations to a version that provides a fix (17.0.0, …, 14.1.4.6 or 13.1.5) or to implement the proposed mitigations to protect the affected devices/modules:

  • Block iControl REST access through the self IP address
  • Block iControl REST access through the management interface
  • Modify the BIG-IP httpd configuration

Dr. Johannes Ullrich, dean of research at the SANS Technology Institute, says he usually recommends patching first and then addressing configuration issues, but in this case users need to reverse the order of the two steps.

“First, make sure you don’t open the admin interface. If you can’t do it: don’t try to fix it. Turn off the device instead. If the configuration interface is secure: patch,” he advised.
