The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint advisory on the remote code execution (CVE-2022-1388) vulnerability found in the F5 BIG-IP products. 

F5 released a patch for CVE-2022-1388 on May 4, 2022. Affected and fixed F5 BIG-IP versions are shown in the table below.

______________________________

A. Nature of Vulnerability

CVE-2022-1388

CVE-2022-1388 allows unauthenticated attackers with network access to the BIG-IP system to run arbitrary code and gain control via the management port or self-IP addresses.

______________________________

B. List of Affected Versions and Fixed Versions

BIG-IP (all modules)

Affected Versions       Fixed Version
16.1.0 – 16.1.2         16.1.2.2
15.1.0 – 15.1.5         15.1.5.1
14.1.0 – 14.1.4         14.1.4.6
13.1.0 – 13.1.4         13.1.5
12.1.0 – 12.1.6         Not fixed – EOL
11.6.1 – 11.6.5         Not fixed – EOL
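The table above is easiest to act on when it is applied to an asset inventory rather than read by hand. The following script is an added example, not part of the CERT-PH or F5 advisory: it transcribes the affected/fixed table as data and classifies any BIG-IP version string against it. Hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Classify BIG-IP versions against the CVE-2022-1388 affected/fixed table."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class Branch:
    low: Version              # first affected release of the branch
    high: Version             # last affected release of the branch
    fixed: Optional[Version]  # first fixed release, or None when the branch is EOL


# The advisory's table, transcribed as data.
BRANCHES: List[Branch] = [
    Branch((16, 1, 0), (16, 1, 2), (16, 1, 2, 2)),
    Branch((15, 1, 0), (15, 1, 5), (15, 1, 5, 1)),
    Branch((14, 1, 0), (14, 1, 4), (14, 1, 4, 6)),
    Branch((13, 1, 0), (13, 1, 4), (13, 1, 5)),
    Branch((12, 1, 0), (12, 1, 6), None),
    Branch((11, 6, 1), (11, 6, 5), None),
]


def parse_version(text: str) -> Version:
    """Turn '16.1.2.2' into (16, 1, 2, 2); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(version_text: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version).

    status is 'fixed', 'affected', 'eol' (affected, no fix available) or
    'unlisted' (the advisory table says nothing about this version).
    """
    v = parse_version(version_text)
    for b in BRANCHES:
        if v[:2] != b.low[:2]:
            continue  # a different major.minor branch
        if b.fixed is not None and v >= b.fixed:
            return "fixed", fmt(b.fixed)
        # Compare at the precision of the table's bounds, so that a point
        # release such as 16.1.2.1 still falls inside "16.1.0 – 16.1.2".
        n = len(b.high)
        if b.low <= v[:n] <= b.high:
            return ("eol", None) if b.fixed is None else ("affected", fmt(b.fixed))
    return "unlisted", None


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (host, status, fixed_version) for every host that still needs action."""
    needs_action = []
    for host, version in inventory:
        status, fixed = assess(version)
        if status in ("affected", "eol"):
            needs_action.append((host, status, fixed))
    return needs_action


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("lb-edge-1", "16.1.2"),
    ("lb-edge-2", "16.1.2.2"),
    ("lb-core-1", "14.1.4.5"),
    ("lb-legacy-1", "12.1.6"),
    ("lb-dev-1", "13.1.5"),
]

if __name__ == "__main__":
    for host, status, fixed in triage(SAMPLE_INVENTORY):
        action = f"upgrade to {fixed}" if fixed else "Not fixed – EOL, migrate to a supported branch"
        print(f"{host}: {status} -> {action}")
```

Versions not covered by the table (for example a branch newer than 16.1) come back as "unlisted" rather than "fixed", so they are flagged for a manual check against the F5 advisory instead of being silently treated as safe.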

______________________________

C. Actions to be Taken

CERT-PH recommends the following actions to be taken:

  • Administrators are urged to apply the necessary updates to mitigate known security threats.
    • Note: Users/Administrators who cannot upgrade their BIG-IP devices immediately may refer to the official security advisory released by F5 for mitigation measures: (https://support.f5.com/csp/article/K23605346)
  • Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
  • Common management ports should be closed on your virtual machines.
  • In addition, provide employees with cybersecurity knowledge and training to minimize the attack surface.
  • For additional information, kindly refer to the official advisory (https://support.f5.com/csp/article/K23605346)