Horizon3ai Publishes Root Cause Of CVE-2022-1388, F5’s BIG-IP iControl REST Endpoint Critical Vulnerability

By   ISBuzz Team
Writer, Information Security Buzz | May 10, 2022 05:30 am PST

F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint, CVE-2022-1388. This vulnerability is particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands.

Attack engineers with Horizon3ai discovered the root cause of the vulnerability and have published an examination of its inner workings in “F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive,” authored by Horizon3ai.

Zach Hanley, Chief Attack Engineer
May 10, 2022 1:30 pm

The mitigations released by F5 for CVE-2022-1388 were a hint on where to look when reversing the application, so we expect that threat actors may have also discovered the root cause as well. We fully expect by end of next week that this will be taken advantage of by threat actors.

The impact of this vulnerability will be pretty significant as it provides root access. These devices are used by most large corporations and also historically tough to update. This vulnerability only affects the management side of the device, which should not be exposed to the internet, however, other members of the infosec community, Nate Warfield and Jacob Baines, did some initial research and found that around 2500 organizations, despite the bad practice, still expose the management plane to the internet.

For these organizations, the vulnerability will provide an entry point into their networks.
