Have you patched this actively exploited BIG-IP vulnerability?

Threat Level – Amber | Vulnerability Report

Last week, F5 patched a vulnerability tracked as CVE-2022-1388. Soon afterwards, security researchers developed a working proof-of-concept (PoC) exploit, making further in-the-wild exploitation likely.

This authentication bypass vulnerability affects the iControl REST component of BIG-IP systems. An unauthenticated attacker could exploit the flaw to gain initial access to and control of a vulnerable device, leading to remote code execution.

This vulnerability has been fixed in versions 17.0.0, ..., and 13.1.5. Organizations that are unable to update are advised to apply the following mitigations:

• Block iControl REST access through the self IP address
• Block iControl REST access through the management interface
• Modify the BIG-IP httpd configuration

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

T1588: Obtain Capabilities

T1588.005: Obtain Capabilities: Exploits

T1588.006: Obtain Capabilities: Vulnerabilities

TA0001: Initial Access

T1190: Exploit Public-Facing Application
