F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system.
CISA encourages users and administrators to review the F5 webpage, Overview of F5 vulnerabilities (May 2022), and apply the necessary updates or workarounds.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.