F5 Networks’ BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.
“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” F5 warned yesterday.
It should be noted that vulnerabilities affecting BIG-IP devices are often exploited by various hackers, including state-sponsored ones, so organizations might want to hurry up and patch.
Blocking iControl REST access through the self IP address.
In general, not exposing BIG-IP’s management interface to the internet is good advice, though apparently many organizations do not follow it: according to the results of Nate Warfield’s Shodan search, over 16,000 BIG-IP devices are exposed on the internet.
According to F5 Networks, 48 of the Fortune 50 companies use BIG-IP networking devices/modules as server load balancers, access gateways, and application delivery controllers and firewalls, to manage and inspect network and application traffic.