CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was first discovered by F5’s internal product security team and disclosed publicly on May 4, 2022.
Affected Devices: Everything older than BIG-IP 17. Patches are available for BIG-IP 13-16. BIG-IP 11 and 12 are vulnerable but too old to be patched.
**We put 10 limited copies to sale at: https://satoshidisk.com/pay/CFP4Ec**
So what should you do?
Usually, I recommend patching first and later attending to the configuration issues. But in this case, I will swap this order: First, make sure you are not exposing the admin interface. If you can't manage that: Don't try patching. Turn off the device instead. If the configuration interface is safe: Patch.
A bit of Googling will lead you to excellent configuration guides like https://github.com/dnkolegov/bigipsecurity/blob/master/README.md . But if all fails: I hear that there may be a manual and help pages provided by F5. If you tossed it when you first unpacked the device: They got it online!
How big of an issue is this? There are not a lot of these devices exposed, luckily. The numbers are a bit "all over," but likely around a thousand. Censys lists 2,555 (https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.http.response.html_title%3A+%22BIG-IP%26reg%3B-+Redirect%22+ ) Shodan shows 534,051 if you search for BigIP, but this isn't just the management interface. These are also websites behind BIG IP load balancers.