← Voltar para CVEs
CVE-2022-1388
CRITICALCISA KEV9.8
Descricao
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/5/2022
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorF5
ProdutoBIG-IP
Nome da vulnerabilidadeF5 BIG-IP Missing Authentication Vulnerability
Data inclusao KEV2022-05-10
Prazo de remediacao2022-05-31
Uso em ransomwareKnown
Produtos afetados
f5:big-ip_access_policy_managerf5:big-ip_advanced_firewall_managerf5:big-ip_analyticsf5:big-ip_application_acceleration_managerf5:big-ip_application_security_managerf5:big-ip_domain_name_systemf5:big-ip_fraud_protection_servicef5:big-ip_global_traffic_managerf5:big-ip_link_controllerf5:big-ip_local_traffic_managerf5:big-ip_policy_enforcement_manager
Fraquezas (CWE)
CWE-306CWE-306
Referencias
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html(f5sirt@f5.com)
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html(f5sirt@f5.com)
https://support.f5.com/csp/article/K23605346(f5sirt@f5.com)
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/(f5sirt@f5.com)
http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K23605346(af854a3a-2127-422b-91ae-364da2661108)
https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.