CISA: Unpatched F5 BIG-IP Devices Under Active AttackCISA: Unpatched F5 BIG-IP Devices Under Active Attack
Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.
May 18, 2022
The Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning about active exploits against unpatched F5 Network's BIG-IP systems.
A patch for the vulnerability (CVE-2022-1388) was issued on May 4; since then, working proof-of-concept exploits have circulated among cybercriminals, making it easier for even less-skilled attackers to take advantage, CISA explains.
Along with CISA, the F5 BIG-IP vulnerability alert was issued by the Multi-State Information and Analysis Center (MS-ISAC). Both organizations "strongly urge" administrators to upgrade F5's BIG-IP systems to a patched version.
"According to public reporting, there is active exploitation of this vulnerability, and CISA and MS-ISAC expect to see widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector networks," the alert states.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Modernize your Security Operations with Human-Machine Intelligence
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper