The Cybersecurity Infrastructure and Safety Company (CISA) has issued a warning about lively exploits towards unpatched F5 Community’s BIG-IP programs.
A patch for the vulnerability (CVE-2022-1388) was issued on Might 4; since then, working proof-of-concept exploits have circulated amongst cybercriminals, making it simpler for even less-skilled attackers to take benefit, CISA explains.
Together with CISA, the F5 BIG-IP vulnerability alert was issued by the Multi-State Info and Evaluation Heart (MS-ISAC). Each organizations “strongly urge” directors to improve F5’s BIG-IP programs to a patched model.
“In response to public reporting, there may be lively exploitation of this vulnerability, and CISA and MS-ISAC anticipate to see widespread exploitation of unpatched F5 BIG-IP gadgets (principally with publicly uncovered administration ports or self IPs) in each authorities and personal sector networks,” the alert states.
