Security researchers say they have created an exploit for a recently discovered remote code execution (RCE) flaw that affects F5 Networks' BIG-IP family of network devices and modules and could allow an attacker to execute commands on a vulnerable device with elevated privileges.

Tracked as CVE-2022-1388 and carrying a CVSS base score of 9.8, the flaw was found in the iControl REST authentication component and may allow a remote threat actor to bypass authentication checks and perform a complete system takeover.

Researchers from cybersecurity companies Positive Technologies and Horizon3 said they had managed to create exploits for the new F5 BIG-IP bug.

“We’ve reproduced the new CVE-2022-1388 in F5’s BIG-IP,” Positive Technologies said on Friday. “Fix it as soon as possible!”

Horizon3 chief attack engineer Zack Hanley told BleepingComputer that they were able to find the defect in just two days and expect threat actors to start hacking devices soon.

“Given that the mitigations released by F5 for CVE-2022-1388 were a very big hint as to where to look when reversing the app, we expect that those involved in the threat may have found the root cause,” Hanley said.

“It took Horizon3.ai’s attack team of two security researchers two days to find the root cause, so we fully expect it to take advantage of the threat by the end of next week.”

The impact of this problem will be significant, according to Hanley, as it allows threat actors to gain root access to the devices, which hackers would then use to gain initial access to corporate networks.

Horizon3 said it would release a proof-of-concept (PoC) exploit this week to encourage companies to install updates quickly.

Last week, F5 released patches for the flaw and advised BIG-IP administrators to install security updates immediately.

“This vulnerability could allow an unauthorized attacker with network access to the BIG-IP system through the management port and/or its own IP addresses to execute arbitrary system commands, create or delete files or disable services,” the company said in a statement.

The flaw affects the following versions of BIG-IP products:

  • 16.1.0 – 16.1.2
  • 15.1.0 – 15.1.5
  • 14.1.0 – 14.1.4
  • 13.1.0 – 13.1.4
  • 12.1.0 – 12.1.6
  • 11.6.1 – 11.6.5

Versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6 and 13.1.5 include fixes.

Organizations that run firmware versions 11.x and 12.x should consider upgrading to a newer version or applying workarounds, as these versions will not receive security updates.
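
The version ranges above can be checked against a device inventory with a short script. The following is an added example, not code from F5 or from the researchers quoted here; the hostnames and the sample inventory are constructed, and it assumes that any release from a branch's lowest affected version up to, but not including, its fixed version is affected and that later releases keep the fix.

```python
# Added example (not F5 code): triage BIG-IP versions against this article's ranges.
# Assumptions: a version from a branch's lowest affected release up to, but not
# including, its fixed release is affected; later releases keep the fix.

def parse(version):
    """'16.1.2.2' -> (16, 1, 2, 2), padded to four fields so tuples compare."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

# (lowest affected, highest affected as listed, first fixed release or None)
BRANCHES = [
    ("16.1.0", "16.1.2", "16.1.2.2"),
    ("15.1.0", "15.1.5", "15.1.5.1"),
    ("14.1.0", "14.1.4", "14.1.4.6"),
    ("13.1.0", "13.1.4", "13.1.5"),
    ("12.1.0", "12.1.6", None),  # branch receives no fix
    ("11.6.1", "11.6.5", None),  # branch receives no fix
]

def classify(version):
    v = parse(version)
    if v >= parse("17.0.0"):
        return "fixed"
    for low, high, fix in BRANCHES:
        lo = parse(low)
        if fix is None:
            # Count every point release of the highest listed version as affected.
            if lo <= v and v[:3] <= parse(high)[:3]:
                return "affected, no fix: mitigate or move to a supported branch"
        elif lo <= v < parse(fix):
            return "affected: upgrade to " + fix
        elif v[:2] == lo[:2] and v >= parse(fix):
            return "fixed"
    return "not listed in the article"

def triage(inventory):
    """Map each hostname to its status; inventory is {hostname: version}."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"lb-edge-01": "16.1.2.1", "lb-edge-02": "16.1.2.2",
          "lb-dc-03": "13.1.4.1", "lb-lab-04": "12.1.6", "lb-new-05": "17.0.0"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A version that falls outside every listed range, such as a 15.0.x release, is reported as not listed rather than as safe, because the article gives no information about it.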

In case a fixed version cannot be installed, F5 has proposed some mitigation measures. They are:

  • blocking access to the iControl REST interface through self IP addresses,
  • blocking access to iControl REST through the management interface,
  • changing the BIG-IP httpd configuration.

Security vulnerabilities in BIG-IP devices are often exploited by various hacker groups, including state-sponsored hackers, so organizations need to act quickly to fix their devices.

According to F5 Networks, 48 of the Fortune 50 companies use BIG-IP network devices and modules to manage and analyze network and application traffic. These devices are used as load balancers, access gateways, application delivery controllers and firewalls by telecommunications companies, large cloud service providers and government agencies.

According to Rapid7 researcher Jacob Baines, about 2,500 devices are still exposed on the Internet, making the F5 BIG-IP flaw a significant risk for organizations.



https://www.computing.co.uk/news/4049319/rce-exploit-created-critical-f5-big-ip-bug
