← Volver a CVEs
CVE-2022-1388
CRITICALCISA KEV9.8
Descripcion
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado5/5/2022
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorF5
ProductoBIG-IP
Nombre vulnerabilidadF5 BIG-IP Missing Authentication Vulnerability
Fecha inclusion KEV2022-05-10
Fecha limite remediacion2022-05-31
Uso en ransomwareKnown
Productos afectados
f5:big-ip_access_policy_managerf5:big-ip_advanced_firewall_managerf5:big-ip_analyticsf5:big-ip_application_acceleration_managerf5:big-ip_application_security_managerf5:big-ip_domain_name_systemf5:big-ip_fraud_protection_servicef5:big-ip_global_traffic_managerf5:big-ip_link_controllerf5:big-ip_local_traffic_managerf5:big-ip_policy_enforcement_manager
Debilidades (CWE)
CWE-306CWE-306
Referencias
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html(f5sirt@f5.com)
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html(f5sirt@f5.com)
https://support.f5.com/csp/article/K23605346(f5sirt@f5.com)
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/(f5sirt@f5.com)
http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K23605346(af854a3a-2127-422b-91ae-364da2661108)
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.