Exploits created for critical F5 BIG-IP flaw – install patch immediately

Security researchers have created exploits for the recently disclosed critical remote code execution vulnerability CVE-2022-1388 and are warning F5 BIG-IP admins to install the latest security updates immediately.

Last week, F5 disclosed a new critical remote code execution vulnerability in BIG-IP networking devices, tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote threat actors to bypass authentication and execute commands on the device with elevated privileges.

Because F5 BIG-IP devices are commonly used in the enterprise, this vulnerability poses a significant risk: threat actors could exploit it to gain initial access to networks and then spread laterally to other devices.

Source: Bleeping Computer