reports that F5 has warned against 18 security vulnerabilities
impacting its BIG-IP system, one of which is critical and could be exploited to enable arbitrary system command execution.
Threat actors could also able the flaw, tracked as CVE-2022-1388 and found within the iControl REST component, to allow file actions, deactivate services, and perform total system takeovers. F5 noted that BIG-IP versions 11.6.1 to 11.6.5, versions 12.1.0 to 12.1.6, versions 13.1.0 to 13.1.4, versions 14.1.0 to 14.1.4, versions 15.1.0 to 15.1.5, and versions 16.1.0 to 16.1.2, are impacted by the bugs, which have been fixed in v13.1.5, v220.127.116.11, v18.104.22.168, v22.214.171.124, and v17.0.0. Moreover, the vulnerability does not affect BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC, according to the advisory. Aside from the critical flaw, F5 has also advised customers to remediate 17 other high-severity BIG-IP flaws.
Vulnerabilities in F5 BIG-IP devices may have a significant effect as security researcher Nate Warfield discovered that more than 16,000 devices are publicly exposed and are at risk of being compromised.