CVE-2022-1388
CRITICAL | CISA KEV | 9.8
Description
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/5/2022
Last modified: 10/27/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: F5
Product: BIG-IP
Vulnerability name: F5 BIG-IP Missing Authentication Vulnerability
KEV date added: 2022-05-10
Remediation due date: 2022-05-31
Ransomware use: Known
Affected products
f5:big-ip_access_policy_manager
f5:big-ip_advanced_firewall_manager
f5:big-ip_analytics
f5:big-ip_application_acceleration_manager
f5:big-ip_application_security_manager
f5:big-ip_domain_name_system
f5:big-ip_fraud_protection_service
f5:big-ip_global_traffic_manager
f5:big-ip_link_controller
f5:big-ip_local_traffic_manager
f5:big-ip_policy_enforcement_manager
Weaknesses (CWE)
CWE-306
References
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html (f5sirt@f5.com)
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html (f5sirt@f5.com)
https://support.f5.com/csp/article/K23605346 (f5sirt@f5.com)
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ (f5sirt@f5.com)
http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K23605346 (af854a3a-2127-422b-91ae-364da2661108)
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.