The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10.
Application delivery company F5 is warning that a critical vulnerability allows unauthenticated attackers with network access to execute arbitrary commands on its BIG-IP systems.
F5 BIG-IP is a combination of software and hardware built around access control, application availability, and security solutions.

The vulnerability is tracked as CVE-2022-1388 and carries a severity rating of 9.8 out of 10 under the Common Vulnerability Scoring System (CVSS) version 3.
According to F5, the flaw resides in the representational state transfer (REST) interface of the iControl framework, which is used for communication between F5 devices and users.
Threat actors can send undisclosed requests that exploit the flaw to bypass iControl REST authentication and gain access to the F5 BIG-IP system; an attacker can then execute arbitrary commands, create or delete files, or disable services.
“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” F5 said in an advisory. “There is no data plane exposure; this is a control plane issue only,” they added.
A self IP address is an IP address on a BIG-IP system that the user associates with a VLAN.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert and advised users to apply the necessary updates.
Impacted Versions
The security vulnerability affects the following BIG-IP product versions:
- 16.1.0 to 16.1.2
- 15.1.0 to 15.1.5
- 14.1.0 to 14.1.4
- 13.1.0 to 13.1.4
- 12.1.0 to 12.1.6
- 11.6.1 to 11.6.5
F5 will not release fixes for versions 11.x (11.6.1 – 11.6.5) and 12.x (12.1.0 – 12.1.6).
F5 has released patches in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5.
F5's advisory clarifies that CVE-2022-1388 does not affect other F5 products: BIG-IQ Centralized Management, F5OS-A, F5OS-C, or Traffic SDC.

[Figure: F5 affected products and fixed versions (Source: F5)]
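As an added example (not F5's own tooling), the following Python checks a BIG-IP version string against the affected and fixed versions listed above. The version data is taken from the article; the point of the code is that versions must be compared component-wise as integers, so that point releases such as 16.1.2.1 (still vulnerable) and 16.1.2.2 (patched) are classified correctly, which a plain string comparison gets wrong.

```python
"""Classify a BIG-IP version against the CVE-2022-1388 ranges given in the article.

Added example, not F5 tooling. Versions are compared component-wise as
integers: plain string comparison ranks "16.1.2.2" below "16.1.2" and
"16.1.10" below "16.1.2", both wrong.
"""
from typing import Optional, Tuple

# (branch start, branch end, first fixed release or None when F5 ships no fix)
# Values are the affected and fixed versions listed in the article.
RANGES = [
    ("16.1.0", "16.1.2", "16.1.2.2"),
    ("15.1.0", "15.1.5", "15.1.5.1"),
    ("14.1.0", "14.1.4", "14.1.4.6"),
    ("13.1.0", "13.1.4", "13.1.5"),
    ("12.1.0", "12.1.6", None),
    ("11.6.1", "11.6.5", None),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """'v16.1.2.2-0.0.28' -> (16, 1, 2, 2); a build suffix after '-' is ignored."""
    core = text.strip().lstrip("v").split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def assess(version: str) -> str:
    """Return one of: vulnerable, vulnerable-no-fix, patched, below-range, not-listed."""
    v = parse_version(version)
    for start, _end, fixed in RANGES:
        if v[:2] != parse_version(start)[:2]:   # different major.minor branch
            continue
        if v < parse_version(start):
            return "below-range"          # e.g. 11.6.0 predates the listed range
        if fixed is None:
            return "vulnerable-no-fix"    # 11.x / 12.x: move to a fixed branch
        if v >= parse_version(fixed):
            return "patched"
        return "vulnerable"               # includes point releases such as 16.1.2.1
    return "not-listed"                   # e.g. 17.0.0, which shipped with the fix


if __name__ == "__main__":
    for sample in ("16.1.2.1", "16.1.2.2", "12.1.6", "17.0.0"):
        print(sample, assess(sample))
```

On a BIG-IP system the version string to feed in is the one reported by `tmsh show sys version`.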
Because BIG-IP products are widely deployed in enterprises, there is a significant risk of widespread attacks.
Security researcher Nate Warfield reported in a tweet that nearly 16,000 BIG-IP devices are exposed to the internet. A query shared by Warfield shows the exposed devices on Shodan.
Most of the exposed BIG-IP devices are located in the USA, China, India, and Australia. These systems are allocated to Microsoft Corporation, Google LLC, DigitalOcean, and Linode.
Mitigations
F5 has recommended three “temporary mitigation” methods for those who cannot deploy the security patches immediately.
According to F5, “You can block all access to the iControl REST interface of your BIG-IP system through self IP addresses.” This is done by changing the Port Lockdown setting to Allow None for each self IP address on the system.
Another mitigation is to restrict iControl REST access through the management interface, or to modify the BIG-IP httpd configuration.
In addition, F5 has released a more general advisory covering another set of 17 high-severity vulnerabilities discovered and fixed in BIG-IP.
In July 2020, a critical RCE bug left thousands of F5 BIG-IP users' accounts vulnerable to attackers.
Some parts of this article are sourced from:
threatpost.com