• Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion
Friday, 10 July, 2026
  • Login
Top Radio 103.1 FM
 
  • Home
  • News
  • Politics
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Sports
  • Education
  • Technology
  • Foreign
No Result
View All Result
Top Radio 103.1 FM
No Result
View All Result
Home Technology

Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating

TOPFM NEWS by TOPFM NEWS
May 10, 2022
in Technology
A A
0
Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
0
SHARES
10
VIEWS
Share on FacebookShare on Twitter

Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks.

The vulnerability, which carries a 9.8 severity rating out of a possible 10, affects F5’s BIG-IP, a line of appliances that organizations use as load balancers, firewalls, and for inspection and encryption of data passing into and out of networks. There are more than 16,000 instances of the gear discoverable online, and F5 says it’s used by 48 of the Fortune 50. Given BIG-IP’s proximity to network edges and their functions as devices that manage traffic for web servers, they often are in a position to see decrypted contents of HTTPS-protected traffic.

Last week, F5 disclosed and patched a BIG-IP vulnerability that hackers can exploit to execute commands that run with root system privileges. The threat stems from a faulty authentication implementation of the iControl REST, a set of web-based programming interfaces for configuring and managing BIG-IP devices.

“This issue allows attackers with access to the management interface to basically pretend to be an administrator due to a flaw in how the authentication is implemented,” Aaron Portnoy, the director of research and development at security firm Randori, said in a direct message. “Once you are an admin, you can interact with all the endpoints the application provides, including execute code.”

Images floating around Twitter in the past 24 hours show how hackers can use the exploit to access an F5 application endpoint named bash. Its function is to provide an interface for running user-supplied input as a bash command with root privileges.

While many images show exploit code supplying a password to make commands run, exploits also work when no password is supplied. The image quickly drew the attention of researchers who marveled at the power of an exploit that allows the execution of root commands without a password. Only half-joking, some asked how functionality this powerful could have been so poorly locked down.

Elsewhere on Twitter, researchers shared exploit code and reported seeing in-the-wild exploits that dropped backdoor webshells that threat actors could use to maintain control over hacked BIG-IP devices even after they’re patched. One such attack showed threat actors from the addresses 216.162.206.213 and 209.127.252.207 dropping a payload to the file path /tmp/f5.sh to install PHP-based webshell in /usr/local/www/xui/common/css/. From then on, the device is backdoored.

The severity of CVE-2022-1388 was rated at 9.8 last week before many details were available. Now that the ease, power, and wide availability of exploits are better understood, the risks take on increased urgency. Organizations that use BIG-IP gear should prioritize the investigation of this vulnerability and the patching or mitigating of any risk that arises. Randori provided a detailed analysis of the vulnerability and a one-line bash script here that BIG-IP users can use to check exploitability. 

Related Posts

Renowned journalist Bismark Brown joins 2026 ERAI Fellowship

Renowned journalist Bismark Brown joins 2026 ERAI Fellowship

July 8, 2026
5
Meta CEO Zukerberg testifies in court over child social media addition trial

Meta CEO Zukerberg testifies in court over child social media addition trial

February 19, 2026
9
Source: Dan Goodin
Via: ars technica
Tags: Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
Previous Post

I prefer Record of the Year – Fameye unhappy with the VGMA23 Songwriter of the Year win

Next Post

Russia downed satellite internet in Ukraine: Western officials

Related Posts

Renowned journalist Bismark Brown joins 2026 ERAI Fellowship
Technology

Renowned journalist Bismark Brown joins 2026 ERAI Fellowship

July 8, 2026
5
Meta CEO Zukerberg testifies in court over child social media addition trial
Technology

Meta CEO Zukerberg testifies in court over child social media addition trial

February 19, 2026
9
Ghana places first order for Airbus helicopters
News

Ghana places first order for Airbus helicopters

January 15, 2026
20
Government to roll out E Visa next year – Foreign Affairs Minister
News

Government to roll out E Visa next year – Foreign Affairs Minister

December 22, 2025
14
Toyota global production down for 10th month despite rising sales
News

Toyota global production down for 10th month despite rising sales

December 26, 2024 - Updated on December 28, 2024
66
Ghana leads four other African countries to sign SATA declaration on data and digital identity interoperability
Technology

Ghana leads four other African countries to sign SATA declaration on data and digital identity interoperability

April 27, 2023
15
Next Post
Russia downed satellite internet in Ukraine: Western officials

Russia downed satellite internet in Ukraine: Western officials

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

BROWSE BY CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

BROWSE BY TOPICS

AFCON Afghanistan akufo addo Amazon apple AT&T Ato Forson Black Stars covid COVID-19 E-Levy facebook galamsey Ghana Ghana music Ghana Police Service Google Government GRA health Highlife Intel iphone Majority meta Microsoft Minority momo NDC NPP Oluman Buggie OMICRON Parliament police President John Dramani Mahama Russia security South Africa tech Tesla Top Media Group US UTAG vaccine World Cup

Recent Posts

  • If you can’t sing the national anthem, you can’t play the national team – President John Mahama
  • Renowned journalist Bismark Brown joins 2026 ERAI Fellowship
  • Mzbel cries foul saying lack of hospital bed caused death of her sister
  • I have never seen this kind of rain before in my 30 years of living in Accra – Dr. George Amoh calls for unity following devastating floods in the capital
  • Nana Ama Bonsu announced as 15th Asantehemaa

Recent Comments

  1. meinestadtkleinanzeigen.de on (Photos) GNFS Suppress Fire At Lakeside Estate Apartment
  2. News on Church Of Pentecost Commission 35 Bed AI Powered Hospital In Bolgatanga (Photos)

RECENT NEWS

  • If you can’t sing the national anthem, you can’t play the national team – President John Mahama July 9, 2026
  • Renowned journalist Bismark Brown joins 2026 ERAI Fellowship July 8, 2026
  • Mzbel cries foul saying lack of hospital bed caused death of her sister July 7, 2026
  • I have never seen this kind of rain before in my 30 years of living in Accra – Dr. George Amoh calls for unity following devastating floods in the capital July 7, 2026

MAIN CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

Entertainment

Bipolar Disorder: Understanding the condition
Health

Bipolar Disorder: Understanding the condition

1 month ago
10
  • ABOUT US
  • CONTACT
  • ADVERTISE

© 2025 Top Media Group - Powered by BackUP Data Systems

No Result
View All Result
  • Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion

© 2025 Top Media Group - Powered by BackUP Data Systems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In