{"id":218,"date":"2022-05-12T00:51:00","date_gmt":"2022-05-12T00:51:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=218"},"modified":"2024-01-08T20:54:12","modified_gmt":"2024-01-08T20:54:12","slug":"f5-big-ip","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/","title":{"rendered":"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is it?<\/h2>\n\n\n\n<p>On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product. While not every organization using BIG-IP is in active danger, this is a serious vulnerability that could give threat actors extensive access to affected systems and we recommend patching or upgrading all systems immediately.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What does it affect?<\/h2>\n\n\n\n<p>BIG-IP is an enterprise-grade application firewall, load balancer, and proxy. This vulnerability affects all of F5\u2019s BIG-IP versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>16.1.0 &#8211; 16.1.2<\/li>\n\n\n\n<li>15.1.0 &#8211; 15.1.5<\/li>\n\n\n\n<li>14.1.0 &#8211; 14.1.4<\/li>\n\n\n\n<li>13.1.0 &#8211; 13.1.4<\/li>\n\n\n\n<li>12.1.0 &#8211; 12.1.6<\/li>\n\n\n\n<li>11.6.1 &#8211; 11.6.5&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The good news is that F5\u2019s other products, including BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC, are not affected.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What does it allow attackers to do?&nbsp;<\/h2>\n\n\n\n<p>CVE-2022-1388 allows attackers to bypass F5\u2019s iControl REST authentication system and execute commands, create and delete files, disable services and take control of the attacked system remotely. However, F5 has stated that \u201cthere is no data plane exposure; this is a control plane issue only.\u201d The data plane of the BIG-IP products handles network traffic processing, while the control plane covers management-level computing, storing, and processing information. F5 also notes that the affected management interface is not public-facing or exposed to the Internet by default.&nbsp;<\/p>\n\n\n\n<p>With a Critical CVSS score of 9.8 out of 10, research groups claiming working proofs of concept (POCs), and reports of active exploitation in the wild, this vulnerability is at the top of many security teams\u2019 patch lists. As it should be.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What should you do?&nbsp;<\/h2>\n\n\n\n<p>First, scan your attack surface to find every instance where you are vulnerable, then prioritize applying patches or upgrading your system. While there are some cases where a security team may defer patching in order to preserve a necessary function not available in the patched version or to prioritize more urgent patches, CVE-2022-1388 is worth moving to the top of your patch list &#8211; it affects a major enterprise system that serves as traffic control and protection for a large part of organization\u2019s network and, if exploited, it could provide a powerful foothold into your system for attackers. There are also several security research groups that are publishing working exploits of this vulnerability this week, so we\u2019re likely to see an uptick in attack attempts as threat actors try to use these exploits on unaware organizations. F5\u2019s official&nbsp;<a href=\"https:\/\/support.f5.com\/csp\/article\/K23605346\">recommendation<\/a>&nbsp;is similar to ours: they recommend applying patches if you\u2019re using a patchable version (13. x &#8211; 17. x) or upgrading to a newer version if no fix will be applied to the version you\u2019re using (12. x and 11. x).&nbsp;<\/p>\n\n\n\n<p>Those unable to patch their BIG-IP assets should apply one of F5\u2019s mitigation methods instead. F5 recommends:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Blocking iControl REST access through the self IP address<\/li>\n\n\n\n<li>Blocking iControl REST access through the management interface<\/li>\n\n\n\n<li>Modifying the BIG-IP httpd configuration<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How CyCognito Finds This Vulnerability<\/h2>\n\n\n\n<p>If you\u2019re using CyCognito\u2019s platform, then our system is automatically checking your BIG-IP assets to test if they\u2019re vulnerable. If your assets are affected, CyCognito will provide you with a list of assets and how to remediate them. Affected customers have also been contacted directly.<\/p>\n\n\n\n<p>This vulnerability has been permanently included within the CyCognito issue catalog for all future scans in your environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[85,86,87],"class_list":["post-218","post","type-post","status-publish","format-standard","hentry","category-research","tag-big-ip","tag-cve-2022-1388","tag-f5"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-12T00:51:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-08T20:54:12+00:00\" \/>\n<meta name=\"author\" content=\"Emma Zaballos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emma Zaballos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\"},\"author\":{\"name\":\"Emma Zaballos\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\"},\"headline\":\"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP\",\"datePublished\":\"2022-05-12T00:51:00+00:00\",\"dateModified\":\"2024-01-08T20:54:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\"},\"wordCount\":568,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"BIG-IP\",\"CVE-2022-1388\",\"F5\"],\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\",\"name\":\"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2022-05-12T00:51:00+00:00\",\"dateModified\":\"2024-01-08T20:54:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\",\"name\":\"Emma Zaballos\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"caption\":\"Emma Zaballos\"},\"description\":\"Product Marketing Manager\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/","og_locale":"en_US","og_type":"article","og_title":"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP | CyCognito Blog","og_description":"On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.","og_url":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/","og_site_name":"CyCognito Blog","article_published_time":"2022-05-12T00:51:00+00:00","article_modified_time":"2024-01-08T20:54:12+00:00","author":"Emma Zaballos","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emma Zaballos","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/"},"author":{"name":"Emma Zaballos","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58"},"headline":"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP","datePublished":"2022-05-12T00:51:00+00:00","dateModified":"2024-01-08T20:54:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/"},"wordCount":568,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["BIG-IP","CVE-2022-1388","F5"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/","url":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/","name":"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2022-05-12T00:51:00+00:00","dateModified":"2024-01-08T20:54:12+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/f5-big-ip\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/f5-big-ip\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58","name":"Emma Zaballos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","caption":"Emma Zaballos"},"description":"Product Marketing Manager","url":"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=218"}],"version-history":[{"count":2,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/218\/revisions"}],"predecessor-version":[{"id":503,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/218\/revisions\/503"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}