CVE-2022-1388 - Unspecified vulnerability in F5 products
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Related news
- Week in review: F5 BIG-IP flaw, critical bugs in Aruba and Avaya network switches, Patch Tuesday forecast
- Exploits created for critical F5 BIG-IP flaw, install patch immediately
- Attackers are attempting to exploit critical F5 BIG-IP RCE
- Hackers exploiting critical F5 BIG-IP flaw to drop backdoors
- Hackers exploiting critical F5 BIG-IP bug, public exploits released
- Critical F5 BIG-IP vulnerability targeted by destructive attacks
- Critical F5 BIG-IP vulnerability exploited to wipe devices
- CISA tells federal agencies to fix actively exploited F5 BIG-IP bug
- CISA shares guidance to block ongoing F5 BIG-IP attacks
- VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
- Researchers to release exploit for new VMware auth bypass, patch now
- Researchers to release PoC exploit for critical Zoho RCE bug, patch now
- Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now
- Exploit released for critical ManageEngine RCE bug, patch now
References
- http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html
- https://support.f5.com/csp/article/K23605346
- https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/