Horizon3ai Publishes Root Cause Of CVE-2022-1388, F5’s BIG-IP iControl REST Endpoint Critical Vulnerability

F5 recently patched CVE-2022-1388, a critical vulnerability in its BIG-IP iControl REST endpoint. This vulnerability is particularly worrisome for users because it is simple to exploit and gives an attacker a way to execute arbitrary system commands.

Attack engineers with Horizon3ai discovered the root cause of the vulnerability and have published an examination of its inner workings in “F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive,” authored by Horizon3ai.

Experts Comments

May 10, 2022
Zach Hanley
Chief Attack Engineer
Horizon3ai

The mitigations released by F5 for CVE-2022-1388 were a hint on where to look when reversing the application, so we expect that threat actors may have also discovered the root cause as well. We fully expect by end of next week that this will be taken advantage of by threat actors.

The impact of this vulnerability will be pretty significant as it provides root access. These devices are used by most large corporations and are also historically tough to update. This vulnerability only affects the management side of the device, which should not be exposed to the internet; however, other members of the infosec community, Nate Warfield and Jacob Baines, did some initial research and found that around 2500 organizations, despite the bad practice, still expose the management plane to the internet.

For these organizations, the vulnerability will provide an entry point into their networks.
