CVE-2022-1389 F5 BIG-IP has a cross-site request forgery vulnerability in the BIG-IP Configuration utility on all versions up to 16.1.x. The vulnerability is fixed in 17.0.0.

when determining whether or not to apply a fix. All versions of 14.x, 13.x, and 12.x are at Risk. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated when determining whether or not to apply a fix. All versions of 14.x, 13.x, and 12.x are at Risk. To exploit this vulnerability, an attacker must trick a user into visiting a malicious website, click a link, or open a malicious email. An attacker may leverage social engineering tactics to trick the user into clicking a link or opening an email. An attacker may also leverage social engineering tactics to trick the user into visiting a malicious website. An attacker may leverage social engineering tactics to trick the user into visiting a malicious website. Note: The Configuration utility is highly susceptible to CSRF due to the nature of its workflow. Therefore, users should exercise extreme caution when using the Configuration utility. Note: The Configuration utility is highly susceptible to CSRF due to the nature of its workflow. Therefore, users should exercise extreme caution when using the Configuration utility. When an end-user is logged into the Configuration utility, the following occurs: The user’s browser is redirected to the BIG-IP system.

The end-user is prompted to log in.

The end-user is presented with a series of “welcome” pages, including “Diagnostics,” “License,

References ! CVE-2022-1389

https://www.bigip.com/support/article/BIG-IP_CVE_2022-1389
https://www.bigip.com/support/article/BIG-IP_CVE_2022-1389#3

Resolution:

All versions of 14.x, 13.x, and 12.x are at Risk. To mitigate this vulnerability, the following mitigation strategies should be applied:

1) Configure the content of the cookie value to a different string than “SF” in order to deny RCE on configurations and profiles. This will also prevent CSRF attacks.
2) Apply the fix for CVE-2022-1389.

Vulnerability Brief

A vulnerability in the Configuration utility in BIG-IP LTM and FTM allows for an attacker to trick a user into visiting a malicious website or opening a malicious email.

Timeline

Published on: 05/05/2022 17:15:00 UTC
Last modified on: 05/16/2022 14:29:00 UTC

References

• https://support.f5.com/csp/article/K49905324
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1389