"Exploits Created for Critical F5 BIG-IP Flaw, Install Patch Immediately"

Cybersecurity researchers from Horizon3 and Positive Technologies created exploits for a new critical Remote Code Execution (RCE) vulnerability in F5 BIG-IP networking devices, warning all administrators to immediately install the latest security updates to fix the flaw. The vulnerability, tracked as CVE-2022-1388, impacts the BIG-IP iControl REST authentication component. The exploitation of this flaw could allow remote actors to circumvent authentication and execute commands on F5 BIG-IP networking devices, which are commonly used in the enterprise network environment. This RCE vulnerability poses a major risk to security as it would allow threat actors to gain initial access to a network and then spread laterally to other devices, leading to the theft of corporate data or the deployment of ransomware on all of the network's devices. The researchers say it only took them two days to create the exploits, and they expect threat actors to start abusing the F5 BIG-IP vulnerability soon. This article continues to discuss the critical F5 BIG-IP RCE flaw, the exploits created for the vulnerability, and the BIG-IP security updates released by F5. 

Bleeping Computer reports "Exploits Created for Critical F5 BIG-IP Flaw, Install Patch Immediately"