Skip to the content.

DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution

Our reference DIVD-2022-00027
Case lead Ralph Horn
Author Pepijn van der Stap
Researcher(s)
CVE(s)
Product BIG-IP
Versions 16.1.0 - 16.1.2, 15.1.0 - 15.1.5, 14.1.0 - 14.1.4, 13.1.0 - 13.1.4, 12.1.0 - 12.1.6, 11.6.1 - 11.6.5
Recommendation If you received a notification of a vulnerability, patch your system with the information provided in this notification.
Patch status Available
Status Open
Last modified 20 Jun 2022 07:35

Summary

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, a proof of concept exploit code has been released for the vulnerability with attribute CVE-2022-1388. In addition, abuse of this vulnerability has been reported. Organisations are urged to install the updates made available by F5 or to apply mitigating measures.

Impact

By leveraging the vulnerability, an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services.

What you can do

Fixes are available in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5. Firmware versions 11.x and 12.x will not receive any security updates. You can:

or

What we are doing

Timeline

Date Description
10 May 2022 DIVD starts investigating the scope and impact of the vulnerability.
10 May 2022 First version of this case file.
11 May 2022 First round of notifications sent about 500 hosts
15 May 2022 Notified another 130 vulnerable hosts
10 Jun 2022 Rescan, notifications sent out for the remaining vulnerable hosts
10 Jun 2022 Shared the data concerning the Netherlands with the Digital Trust Center and the Dutch Security Clearing House (Security Meldpunt)
gantt title DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution (still open) :2022-05-10, 2022-07-01 section Events DIVD starts investigating the scope and impact of the vulnerability. : milestone, 2022-05-10, 0d First version of this case file. : milestone, 2022-05-10, 0d First round of notifications sent about 500 hosts : milestone, 2022-05-11, 0d Notified another 130 vulnerable hosts : milestone, 2022-05-15, 0d Rescan, notifications sent out for the remaining vulnerable hosts : milestone, 2022-06-10, 0d Shared the data concerning the Netherlands with the Digital Trust Center and the Dutch Security Clearing House (Security Meldpunt) : milestone, 2022-06-10, 0d

More information