Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads.
F5 last week released patches for the security issue (9.8 severity rating), which affects the BIG-IP iControl REST authentication component.
The company warned that the vulnerability enables an unauthenticated attacker on the BIG-IP system to run “arbitrary system commands, create or delete files, or disable services.”
At the moment, there are thousands of BIG-IP systems exposed on the internet, so attackers can leverage the exploit remotely to breach the corporate network.