Threat Advisory

F5 Big IP critical vulnerability

May 11, 2022 | By Accorian

Recently F5 released a security patch for a critical vulnerability found in their BIG-IP products which could allow an attacker to make requests to bypass iControl REST authentication. Some researchers claimed that they were able to create a working exploit for this vulnerability. Today, the exploit has become public and the proof-of-exploit code is shared all over social media. The exploits are used wildly to deploy web shells for backdoor access on the exposed hosts. 

The vulnerability allows an attacker with network access to the BIG-IP system to execute arbitrary system commands which can disable services, delete and create new files and deploy web shells which can lead to information theft or ransomware. Some security researchers also alleged that this could be corporate espionage because of how easy the vulnerability was to exploit. 

The versions impacted are 16.1.0 – 16.1.2, 15.1.0 – 15.1.5, 14.1.0 – 14.1.4, 13.1.0 – 13.1.4, 12.1.0 – 12.1.6 and 11.6.1 – 11.6.5. Fixes are available in versions 17.0.0,,,, and 13.1.5. It should be noted that Firmware versions 11.x and 12.x will not receive security updates. Users relying on these versions should upgrade to the newer versions. F5 also released some workarounds if immediate up-gradation is not possible: 

  • Block iControl REST access through the self IP address
  • Block iControl REST access through the management interface
  • Modify the BIG-IP httpd configuration.

It is recommended the administrators install the latest updates immediately. For a more detailed view of the mitigation please refer to the official release from F5 here

Accorian can help identify this vulnerability in your environment. Kindly reply to this mail and someone from our team will reach out to you to resolve the issue. 


Recent Post

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide