Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in BIG-IP iControl REST

5 May 2022

F5 has released security updates for the BIG-IP Application Delivery Controller, addressing multiple vulnerabilities including a critical vulnerability (CVE-2022-1388). The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10 and affects the iControl REST component.

Successful exploitation of the vulnerability could allow an unauthenticated attacker with network access on an affected BIG-IP system to execute arbitrary system commands, create or delete files, or disable services.

The following BIG-IP product versions are affected:

  • 16.1.0 - 16.1.2

  • 15.1.0 - 15.1.5

  • 14.1.0 - 14.1.4

  • 13.1.0 - 13.1.4

  • 12.1.0 - 12.1.6

  • 11.6.1 - 11.6.5

Administrators of the affected versions are advised to upgrade to the latest product versions immediately.

More information is available here:

https://support.f5.com/csp/article/K23605346

https://support.f5.com/csp/article/K55879220

Back to top