This F5 security flaw is one of the most dangerous ever seen


A critical-severity vulnerability that allows threat actors to take full control of targeted endpoints is being abused in the wild, researchers say.

The flaw is tracked as CVE-2022-1388 and carries a severity rating of 9.8/10. It is found in BIG-IP, a suite of hardware and software products that can act as load balancers and firewalls.

These are products of the multi-cloud security and application delivery company F5, and are used by 48 of the Fortune 50 companies, with around 16,000 endpoints discoverable online. Because these devices manage web server traffic, they can often see the decrypted contents of HTTPS-protected traffic, adding an extra level of threat.


Threat of ransomware

The flaw in question revolves around the way admins confirm their identities when logging into iControl REST, a programming interface used to manage BIG-IP gear. In other words, an attacker can impersonate an admin, allowing them to run commands on affected devices.

Researchers are warning admins to patch their systems immediately, as the elevated privileges gained mean threat actors could install malware, including ransomware, on vulnerable devices.

The flaw was discovered only last week, but a patch is already available for all supported firmware versions, starting with 13.1.0. Admins running older versions (11.x and 12.x) need to upgrade to a newer version as soon as possible, as these versions have reached end of life and are no longer supported.

For admins that are unable to patch their systems right now, F5 has suggested three workarounds: blocking iControl REST access through the self IP address, blocking iControl REST access through the management interface, or modifying the BIG-IP httpd configuration. F5 publishes a guide for each of these workarounds.

Still, given the severity of the vulnerability, admins are encouraged to go for the patch, rather than workarounds, as soon as possible.

Via: ArsTechnica

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.