CVE-2022-1388

Vulnerability Profile Updated 3 months ago
CVE-2022-1388 is a critical authentication bypass vulnerability in the F5 BIG-IP iControl REST interface. It enables unauthorized users to gain access to and control over the system without authenticating, posing a significant security threat. The exploit was among the most prominent vulnerabilities detected, with a notable surge in daily detection counts over a 30-day period. It was one of three major vulnerabilities that together contributed to nearly 90% of known exploits: the primary one was in Log4j (CVE-2021-44228), accounting for 44% of known exploits, while CVE-2022-1388 and a vulnerability affecting VMware's Workspace One Access and Identity Manager (CVE-2022-22954) made up the rest of this high-risk trio. These vulnerabilities have been under active attack, with unpatched systems being the prime targets.

The exploitation of CVE-2022-1388 by BlackTech adds to its severity. BlackTech is a cyber espionage group known for its advanced persistent threats, which makes exploitation of this vulnerability a significant concern for organizations using F5's BIG-IP products. These organizations should apply patches promptly to mitigate the risks associated with this vulnerability.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
exploited
Exploits
Cloudflare
Log4j
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| BlackTech | Unspecified | 1 | BlackTech is a threat actor, or a group responsible for carrying out malicious cyber activities. Known for its links to China, BlackTech focuses on gathering intelligence from technology and government organizations, predominantly in the Asia-Pacific region. This group has shown a high degree of sop |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Log4Shell | Unspecified | 2 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
| CVE-2022-22954 | Unspecified | 2 | CVE-2022-22954 is a significant software vulnerability that affects VMware's Workspace One Access and Identity Manager. This flaw in the software design or implementation allows for remote code execution, providing an attacker with the ability to execute arbitrary commands on the affected system. Ov |
| Proxyshell | Unspecified | 1 | ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau |
| Follina | Unspecified | 1 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou |
| CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b |
| CVE-2022-22960 | Unspecified | 1 | None |
Source Document References
Information about the CVE-2022-1388 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 5 months ago | Sensor Intel Series: Top CVEs in December 2023 |
| CERT-EU | 7 months ago | Infographic: A History of Network Device Threats and What Lies Ahead |
| CERT-EU | 7 months ago | Infographic: A History of Network Device Threats and What Lies Ahead \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 8 months ago | Sensor Intel Series: Top CVEs in October 2023 |
| CERT-EU | 9 months ago | BIG-IP Vulnerability Alert: Remote Code Execution Risk |
| CERT-EU | 9 months ago | CVE-2023-46747: Severe Flaw in Big-IP Causes Remote Code Execution |
| CERT-EU | 9 months ago | F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution |
| CERT-EU | 10 months ago | Sensor Intel Series: Top CVEs in August 2023 \| F5 Labs |
| Malwarebytes | a year ago | 2022's most routinely exploited vulnerabilities—history repeats |
| CERT-EU | a year ago | Unmasking the top exploited vulnerabilities of 2022 – GIXtools |
| BankInfoSecurity | a year ago | Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List |
| CERT-EU | a year ago | Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities |
| CERT-EU | a year ago | FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022 |
| CERT-EU | a year ago | Most exploited cyber vulnerabilities of 2022 revealed |
| BankInfoSecurity | a year ago | Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List |
| Securityaffairs | a year ago | CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022 |
| CERT-EU | a year ago | FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022 |
| CISA | a year ago | 2022 Top Routinely Exploited Vulnerabilities \| CISA |
| Fortinet | a year ago | Ransomware Roundup - Cl0p \| FortiGuard Labs |
| MITRE | a year ago | Windows Commands Abused by Attackers - JPCERT/CC Eyes |