F5 has released an advisory on its website disclosing a critical vulnerability in BIG-IP products that is being exploited in the wild. Tracked as CVE-2022-1388 with a CVSS score of 9.8 (out of 10), it allows an attacker to bypass authentication, execute commands, delete all files and remove all traces in logs.
A fix has been released for some versions, including 16.1.0 – 1.2, 15.1.0 – 1.5, 14.1.0 – 1.4, and 13.1.0 – 1.4, while versions 12.1.0 – 1.6 and 11.6.1 – 6.5 will not have a fix.
See F5’s support article to learn how to mitigate this risk and apply the fix.