Experts developed exploits for CVE-2022-1388 RCE in F5 BIG-IP products

A few days after F5 addressed the critical CVE-2022-1388 Remote Code execution flaw in its BIG-IP products, researchers created exploits for it.

Last week security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its products.

The company addressed a total of 43 vulnerabilities, the most severe one is a critical issue tracked as CVE-2022-1388 (CVSS score of 9.8). An unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses can exploit the CVE-2022-1388 flaw to execute arbitrary system commands, create or delete files, or disable services.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.” reads the advisory published by the vendor.”

The flaw affects the following versions:

16.1.0 – 16.1.2
15.1.0 – 15.1.5
14.1.0 – 14.1.4
13.1.0 – 13.1.4
12.1.0 – 12.1.6
11.6.1 – 11.6.5

and the vendor addressed it with the release of:

17.0.0
16.1.2.2
15.1.5.1
14.1.4.6
13.1.5

The company provided the following temporary mitigations for customers that cannot install the patched versions:

Block iControl REST access through the self IP addressBlock iControl REST access through the management interfaceModify the BIG-IP httpd configuration

Now researchers at Positive Technologies announced to have developed an exploit code for CVE-2022-1388 in F5’s BIG-IP and urge admins to address it asap to protect their systems.

We have reproduced the fresh CVE-2022-1388 in F5’s BIG-IP.

Successful exploitation could lead to RCE from an unauthenticated user.

Patch ASAP! pic.twitter.com/WjlWtTgSVz

— PT SWARM (@ptswarm) May 7, 2022

Researchers from Horizon3 Attack Team also confirmed that the CVE-2022-1388 is trivial to exploit, the experts also plan to release a POC exploit code this week.

The new F5 RCE vulnerability, CVE-2022-1388, is trivial to exploit. We spent some time chasing unrelated diffs within the newest version, but @jameshorseman2 ultimately got first blood. We’ll release a POC next week to give more time for orgs to patch.#f5 #CyberSecurity pic.twitter.com/O1SivUE4vA

— Horizon3 Attack Team (@Horizon3Attack) May 6, 2022

Researchers are warning of threat actors already attempting to exploit this vulnerability:

[CTI] Our CTI team identified a lot of activities targeting F5 BIG-IP (CVE-2022-1388) https://t.co/ZzbBhbXbSS

— VulDB (@vuldb) May 8, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, F5 BIG)

The post Experts developed exploits for CVE-2022-1388 RCE in F5 BIG-IP products appeared first on Security Affairs.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt