h0w1tzr’s Commentary: This is yet another trivial vulnerability for attackers to use. It’s an API endpoint that allows attackers to run commands via bash on the F5 BIG-IP as root. If your company runs BIG-IP and you haven’t patched yet, I highly recommend you apply their patch immediately!
Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated Low in severity. Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a missing authentication check, potentially allowing an attacker to take control of an affected system.