This week, Rapid7 researchers discovered two high-severity vulnerabilities in F5 BIG-IP and BIG-IQ products running customized distribution of CentOS. CVE-2022-41622 is an unauthenticated remote code execution vulnerability impacting BIG-IP products, while CVE-2022-41800 is an authenticated remote code execution vulnerability impacting BIG-IQ products.
According to F5, an attacker may exploit CVE-2022-41622 to trick users who have Resource Administrator role privileges and are authenticated through basic authentication in iControl SOAP. Even though the vulnerability can only be exploited through the control plane, an attacker can compromise the complete system if successful.
Rapid7’s researchers stated that although CVE-2022-41622 is the more serious vulnerability, an attacker would only be successful if an administrator with an active session is tricked into visiting a malicious website with the same browser used for managing BIG-IP. The vulnerable versions of BIG-IP are as follows:
As for CVE-2022-41800, F5 stated that an authenticated attacker with valid user credentials assigned as Administrator may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. If successful, the vulnerability could allow the attacker to cross a security boundary. The vulnerable versions of BIG-IQ are as follows:
Although F5 is not aware of any exploitation incidents, they still recommend that all impacted customers request the engineering hotfix for their product version from F5 and install the hotfix manually.
F5 Recommends the following to mitigate CVE-2022-41622:
F5 recommends the following to mitigate CVE-2022-41800 until you can install the fixed version:
At this time, there are no known IoCs associated with CVE-2022-41622 and CVE-2022-41800. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.