The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us
Resources

The knowledge you need to manage and protect your attack surface.

What's New Blog
Research

Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
May 12, 2022

What is it?

On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product. While not every organization using BIG-IP is in active danger, this is a serious vulnerability that could give threat actors extensive access to affected systems and we recommend patching or upgrading all systems immediately. 

What does it affect?

BIG-IP is an enterprise-grade application firewall, load balancer, and proxy. This vulnerability affects all of F5’s BIG-IP versions:

  • 16.1.0 – 16.1.2
  • 15.1.0 – 15.1.5
  • 14.1.0 – 14.1.4
  • 13.1.0 – 13.1.4
  • 12.1.0 – 12.1.6
  • 11.6.1 – 11.6.5 

The good news is that F5’s other products, including BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC, are not affected. 

What does it allow attackers to do? 

CVE-2022-1388 allows attackers to bypass F5’s iControl REST authentication system and execute commands, create and delete files, disable services and take control of the attacked system remotely. However, F5 has stated that “there is no data plane exposure; this is a control plane issue only.” The data plane of the BIG-IP products handles network traffic processing, while the control plane covers management-level computing, storing, and processing information. F5 also notes that the affected management interface is not public-facing or exposed to the Internet by default. 

With a Critical CVSS score of 9.8 out of 10, research groups claiming working proofs of concept (POCs), and reports of active exploitation in the wild, this vulnerability is at the top of many security teams’ patch lists. As it should be. 

What should you do? 

First, scan your attack surface to find every instance where you are vulnerable, then prioritize applying patches or upgrading your system. While there are some cases where a security team may defer patching in order to preserve a necessary function not available in the patched version or to prioritize more urgent patches, CVE-2022-1388 is worth moving to the top of your patch list – it affects a major enterprise system that serves as traffic control and protection for a large part of organization’s network and, if exploited, it could provide a powerful foothold into your system for attackers. There are also several security research groups that are publishing working exploits of this vulnerability this week, so we’re likely to see an uptick in attack attempts as threat actors try to use these exploits on unaware organizations. F5’s official recommendation is similar to ours: they recommend applying patches if you’re using a patchable version (13. x – 17. x) or upgrading to a newer version if no fix will be applied to the version you’re using (12. x and 11. x). 

Those unable to patch their BIG-IP assets should apply one of F5’s mitigation methods instead. F5 recommends: 

  • Blocking iControl REST access through the self IP address
  • Blocking iControl REST access through the management interface
  • Modifying the BIG-IP httpd configuration

How CyCognito Finds This Vulnerability

If you’re using CyCognito’s platform, then our system is automatically checking your BIG-IP assets to test if they’re vulnerable. If your assets are affected, CyCognito will provide you with a list of assets and how to remediate them. Affected customers have also been contacted directly.

This vulnerability has been permanently included within the CyCognito issue catalog for all future scans in your environment.


Topics





Recent Posts








Top Tags



CyCognito Research Report

State of External Exposure Management

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.

Dummies Book

External Exposure & Attack Surface Management For Dummies

External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.

Interactive Demo

Ready to Rule Your Risk?

Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.