Last week, F5 disclosed a new critical remote code execution vulnerability in BIG-IP networking devices, tracked as CVE-2022-1388. The vulnerability can lead to remote code execution (RCE) by unauthenticated users. The threat is somewhat mitigated by the fact that the vulnerability exists only in the device management console, which is not typically exposed to the public internet. However, there are known instances of the management portal being remotely accessible, and the vulnerability is still critical even when exposure is limited to internal networks. F5 has a patch available for BIG-IP devices and recommends that all users update immediately.
WhiteHat’s detection research team is currently developing a Sentinel check and anticipates scanning of customer sites will begin within the next 24 hours. We will update this blog post once the check is live.