CyberWire Daily

CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. [CISA Cybersecurity Alerts]

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 (1.1K Ratings)

🗓️ 19 May 2022

⏱️ 4 minutes


Summary

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.

AA22-138A Alert, Technical Details, and Mitigations
F5 Security Advisory K23605346 and indicators of compromise
F5 guidance K11438344 for remediating a compromise
Emerging Threats suricata signatures
Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise.
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise.
Note: due to the urgency to share this information, CISA and MS-ISAC have not yet validated this content.
Randori’s bash script. This script can be used to identify vulnerable instances of BIG-IP. Note: MS-ISAC has verified this bash script identifies vulnerable instances of BIG-IP.

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Transcript


0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:07.0

This is a CISA cybersecurity alert.

0:16.0

ID number Alpha Alpha 22 tack 138 Alpha.

0:21.0

Original release date, May 18th, 2022.

0:25.0

CISA and the Multi-State Information Sharing and Analysis Center, also called MS-ISAC, are releasing this joint cybersecurity advisory in response

0:35.8

to active exploitation of CVE-2022-1388.

0:41.6

This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.

0:50.0

This recently disclosed vulnerability enables an unauthenticated actor to gain control of affected systems through the management port or self-IP addresses.

0:59.0

An unauthenticated actor with network access to the BIG-IP system could exploit the vulnerability to

1:03.9

execute arbitrary system commands, create or delete files, or disable services.

1:09.9

F5 released a patch for the CVE on May 4th, 2022.

1:14.0

Proof-of-concept exploits have since been publicly released,

1:17.0

enabling less sophisticated actors to exploit the vulnerability.

1:20.0

Unpatched F5 BIG-IP devices are an attractive target.

1:24.1

Organizations that have not applied the patch are vulnerable to cyber actors taking control of their

1:28.6

systems.

1:29.6

There is active exploitation of this vulnerability in the wild, and CISA expects to see

1:34.9

widespread exploitation of unpatched F5 BIG-IP devices in both government and private sector

1:39.8

networks.

1:41.3

CISA strongly urges users and administrators to use the recommendations in this advisory, including

1:46.6

upgrading their software to fixed versions, to help secure their organization's systems against

1:51.2

malicious cyber operations.

...


Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
