First published: 09 May 2022
Last updated: 09 May 2022

Content written for: Large organisations & infrastructure, Government

Update

This is an update to an Alert the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued on 09 May 2022.

Multiple Critical and High risk vulnerabilities exist in certain versions of F5 products.

As of 10 May 2022, the ASD’s ACSC is aware of malicious cyber actors actively exploiting vulnerable versions of F5 products in Australia and globally.

Given the widespread exploitation of this vulnerability, the ASD’s ACSC encourages all organisations to assume their F5 products may have been compromised and initiate investigative procedures in addition to applying security patches.

Background / What has happened?

In May 2022, F5 released a security advisory relating to multiple Critical and High rated CVEs, including CVE-2022-1388 with a CVSS score of 9.8, affecting multiple versions of their BIG-IP product line.

CVE-2022-1388 allows malicious actors to bypass authentication on internet-exposed iControl interfaces, potentially executing arbitrary commands, creating or deleting files, or disabling services.

The ASD’s ACSC is aware of Proof of Concept code exploiting CVE-2022-1388, and attempts by malicious actors to exploit this vulnerability on Australian networks.

Mitigation / How do I stay secure?

Patches are available for all High and Critical rated CVEs in F5’s security advisory, and most have mitigation actions in the event immediate patching is not possible.

The ASD’s ACSC recommends that F5 users continue to monitor the F5 website for updates and future vulnerabilities.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via cyber.gov.au/report, or 1300 CYBER1.
