F5 Big-IP RCE Vulnerability Explained (CVE-2022-1388)
What happened?
A few days after F5 released patches for a remote code execution vulnerability in its BIG-IP products, tracked as CVE-2022-1388, a working proof of concept (POC) was published. Security engineers reverse-engineered the F5 patch to uncover the vulnerability. As shown in the image below, exploiting it only requires sending a POST request with a specially crafted payload.
Malicious actors have already weaponized this exploit, and it is being actively exploited. We highly recommend patching as soon as possible.
What products are affected?
This vulnerability impacts the following versions of BIG-IP products:
- 16.1.0 - 16.1.2
- 15.1.0 - 15.1.5
- 14.1.0 - 14.1.4
- 13.1.0 - 13.1.4
- 12.1.0 - 12.1.6
- 11.6.1 - 11.6.5
Is there a mitigation patch or update?
Fixes are available in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5.
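The affected ranges and fixed versions above are easy to misread when checking an inventory by hand (16.1.2 is affected, 16.1.2.2 is fixed). The following Python script is an added example, not part of this advisory or of F5's tooling: it encodes the version ranges and fixes exactly as listed on this page and classifies a dotted BIG-IP version string. The version strings, hostnames and the inventory dictionary are constructed for illustration; the script assumes versions are reported in plain dotted form such as "16.1.2" or "14.1.4.6".

```python
"""Classify BIG-IP versions against the CVE-2022-1388 ranges listed above.

Added example; the affected ranges and fixed versions are copied from the
advisory text, nothing else is assumed about F5's release numbering.
"""
from typing import Dict, List, Tuple

# Affected ranges as listed on the page: (low, high), inclusive.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("16.1.0", "16.1.2"),
    ("15.1.0", "15.1.5"),
    ("14.1.0", "14.1.4"),
    ("13.1.0", "13.1.4"),
    ("12.1.0", "12.1.6"),
    ("11.6.1", "11.6.5"),
]

# Fixed versions as listed on the page, keyed by the major.minor branch they
# belong to. The page lists no fixed version for the 12.1 and 11.6 branches.
FIXED_VERSIONS: Dict[str, str] = {
    "17.0": "17.0.0",
    "16.1": "16.1.2.2",
    "15.1": "15.1.5.1",
    "14.1": "14.1.4.6",
    "13.1": "13.1.5",
}

# Classification results.
FIXED = "fixed"
VULNERABLE = "vulnerable"
VULNERABLE_NO_FIX_LISTED = "vulnerable, no fixed version listed on this page"
NOT_LISTED = "not in a listed affected range"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "16.1.2.2" into (16, 1, 2, 2) so tuples compare numerically.

    Raises ValueError for anything that is not purely dotted integers.
    """
    return tuple(int(part) for part in version.strip().split("."))


def assess(version: str) -> str:
    """Classify one BIG-IP version string against the page's ranges.

    Order matters: a version at or above the listed fix for its branch is
    "fixed" even though its first three components fall inside an affected
    range (16.1.2.2 sits on top of 16.1.2).
    """
    parsed = parse_version(version)
    branch = ".".join(str(p) for p in parsed[:2])
    fixed = FIXED_VERSIONS.get(branch)

    # Python compares tuples lexicographically, and a shorter prefix sorts
    # before a longer one, so (16, 1, 2) < (16, 1, 2, 2) as required.
    if fixed is not None and parsed >= parse_version(fixed):
        return FIXED

    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= parsed[:3] <= parse_version(high):
            return VULNERABLE if fixed is not None else VULNERABLE_NO_FIX_LISTED

    return NOT_LISTED


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hostnames by classification so the patch list is obvious."""
    groups: Dict[str, List[str]] = {}
    for host, version in inventory.items():
        groups.setdefault(assess(version), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "lb-edge-01": "16.1.2",
        "lb-edge-02": "16.1.2.2",
        "lb-core-01": "13.1.4",
        "lb-legacy-01": "12.1.6",
        "lb-new-01": "17.0.0",
    }
    for result, hosts in triage(sample).items():
        print(f"{result}: {', '.join(hosts)}")
```

Hosts classified as vulnerable with no fixed version listed still need attention; this page lists no fix for the 12.1 and 11.6 branches, so consult F5 for those rather than treating the absence of a fix as safe.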
Think you’ve been exposed?
If you think you may be at risk of this CVE, you need to have a scan run ASAP to confirm. Red Sentry’s exploit engine can perform a proof of concept to confirm your vulnerability status. Reach out today for a free F5 Big-IP (CVE 2022-1388) scan.