F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
May 05, 2022
Cloud security and application delivery network ( ADN ) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed , one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388 , which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of authentication check, potentially allowing an attacker to take control of an affected system. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory. "There is no data plane exposure; this is a control plane issue only." The security vulnerability, which the company said was discovered internally, affects BIG-IP products with the following versions - 16.1.0 - 16.1.2 15.1.0 ...
