This is an update to an Alert the ACSC issued on 09 May 2022.
Multiple Critical and High risk vulnerabilities exist in certain versions of F5 products.
As of 10 May 2022, the ACSC is aware of malicious cyber actors actively exploiting vulnerable versions of F5 products in Australia and globally.
Given the widespread exploitation of this vulnerability, the ACSC encourages all organisations to assume their F5 products may have been compromised and initiate investigative procedures in addition to applying security patches.
Background / What has happened?
In May 2022, F5 released a security advisory relating to multiple Critical and High rated CVE’s, including CVE-2022-1388 with a CVSS score of 9.8, on multiple versions of their BIG-IP product line.
CVE-2022-1388 allows malicious actors to bypass authentication on internet-exposed iControl interfaces, potentially executing arbitrary commands, creating or deleting files, or disabling services.
The ACSC is aware of Proof of Concept code exploiting CVE-2022-1388, and attempts by malicious actors to exploit this vulnerability on Australian networks.
Mitigation / How do I stay secure?
Patches are available for all High and Critical rated CVE’s in F5’s Security advisory, and most have mitigation actions in the event immediate patching is not possible.
The ACSC recommend that F5 users continue to monitor the F5 website for updates and future vulnerabilities.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via cyber.gov.au/report, or 1300 CYBER1.