On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K23605346 | Mitigation Vendor Advisory |
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ | Exploit Mitigation Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
02 Nov 2023, 01:54
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ - Exploit, Mitigation, Third Party Advisory |
18 Oct 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2023, 16:08
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
30 Sep 2022, 02:27
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html - Exploit, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html - Exploit, Third Party Advisory |
12 May 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 May 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2022, 20:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://support.f5.com/csp/article/K23605346 - Mitigation, Vendor Advisory | |
CWE | CWE-306 | |
First Time |
F5 big-ip Application Security Manager
F5 big-ip Link Controller F5 F5 big-ip Advanced Firewall Manager F5 big-ip Access Policy Manager F5 big-ip Local Traffic Manager F5 big-ip Application Acceleration Manager F5 big-ip Global Traffic Manager F5 big-ip Fraud Protection Service F5 big-ip Domain Name System F5 big-ip Analytics F5 big-ip Policy Enforcement Manager |
|
CPE | cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* |
05 May 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-05 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1388
Mitre link : CVE-2022-1388
CVE.ORG link : CVE-2022-1388
JSON object : View
Products Affected
f5
- big-ip_local_traffic_manager
- big-ip_advanced_firewall_manager
- big-ip_global_traffic_manager
- big-ip_domain_name_system
- big-ip_analytics
- big-ip_access_policy_manager
- big-ip_application_security_manager
- big-ip_policy_enforcement_manager
- big-ip_fraud_protection_service
- big-ip_link_controller
- big-ip_application_acceleration_manager
CWE
CWE-306
Missing Authentication for Critical Function