CVE-2022-1388 — F5 BIG-IP Missing Authentication Vulnerability
2022-05-10 • CISA Known Exploited Vulnerability
[event] F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | F5 |
| Product | BIG-IP |
| CWE | CWE-306 |
| CVE ID | CVE-2022-1388 |
| Date Added | 2022-05-10 |
| Due Date | 2022-05-31 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-31