Heads up for network administrators with F5’s BIG-IP family of networking devices in their environment: There is a new security update available for the newly disclosed critical remote code execution vulnerability (CVE-2022-1388). Several security researchers have already created working exploits, so administrators need to move quickly and secure their networks before the attackers come knocking.
According to security researcher Kevin Beaumont, attackers are already trying to exploit the flaw and and dropping webshells. The vulnerability is “trivial” to exploit, Horizon3 said on Twitter. Horizon3 is among the several groups that have already developed a working exploit.
The critical flaw (with a score of 9.8 under the Common Vulnerability Scoring System) affects the BIG-IP iControl REST authentication component, F5 said on May 4. If exploited, remote adversaries can bypass authentication and execute commands with elevated privileges. They could target this vulnerability to gain…