The U.S. Cybersecurity and Infrastructure Security Agency (CISA) hasaddedthe recently disclosed F5 BIG-IP flaw to itsKnown Exploited Vulnerabilities Catalogfollowing reports ofactive abusein the wild. The flaw, assigned the identifierCVE-2022-1388(CVSS score: 9.8), concerns acritical bugin the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to