CVE-2022-1388 (GCVE-0-2022-1388)
Vulnerability from cvelistv5 – Published: 2022-05-05 16:18 – Updated: 2025-10-21 23:15
- CWE-306 - Missing Authentication for Critical Function
| Vendor | Product | Version |
|---|---|---|
| F5 | BIG-IP | Unaffected: 17.0.0 , < 17.0.x* (custom) |
| | | Affected: 16.1.x , < 16.1.2.2 (custom) |
| | | Affected: 15.1.x , < 15.1.5.1 (custom) |
| | | Affected: 14.1.x , < 14.1.4.6 (custom) |
| | | Affected: 13.1.x , < 13.1.5 (custom) |
| | | Affected: 12.1.x , ≤ 12.1.6 (custom) |
| | | Affected: 11.6.x , ≤ 11.6.5 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1388",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:27:21.338441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:40.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-10T00:00:00.000Z",
"value": "CVE-2022-1388 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.0.x*",
"status": "unaffected",
"version": "17.0.0",
"versionType": "custom"
},
{
"lessThan": "16.1.2.2",
"status": "affected",
"version": "16.1.x",
"versionType": "custom"
},
{
"lessThan": "15.1.5.1",
"status": "affected",
"version": "15.1.x",
"versionType": "custom"
},
{
"lessThan": "14.1.4.6",
"status": "affected",
"version": "14.1.x",
"versionType": "custom"
},
{
"lessThan": "13.1.5",
"status": "affected",
"version": "13.1.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.1.6",
"status": "affected",
"version": "12.1.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.6.5",
"status": "affected",
"version": "11.6.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T00:25:05.758Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
},
{
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2022-1388",
"datePublished": "2022-05-05T16:18:04.472Z",
"dateReserved": "2022-04-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:40.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2022-1388",
"cwes": "[\"CWE-306\"]",
"dateAdded": "2022-05-10",
"dueDate": "2022-05-31",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-1388",
"product": "BIG-IP",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.",
"vendorProject": "F5",
"vulnerabilityName": "F5 BIG-IP Missing Authentication Vulnerability"
},
"vulnrichment": {
"containers": "{\"cna\": {\"datePublic\": \"2022-05-04T00:00:00.000Z\", \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2023-10-18T00:25:05.758Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\"}], \"affected\": [{\"vendor\": \"F5\", \"product\": \"BIG-IP\", \"versions\": [{\"version\": \"17.0.0\", \"status\": \"unaffected\", \"lessThan\": \"17.0.x*\", \"versionType\": \"custom\"}, {\"version\": \"16.1.x\", \"status\": \"affected\", \"lessThan\": \"16.1.2.2\", \"versionType\": \"custom\"}, {\"version\": \"15.1.x\", \"status\": \"affected\", \"lessThan\": \"15.1.5.1\", \"versionType\": \"custom\"}, {\"version\": \"14.1.x\", \"status\": \"affected\", \"lessThan\": \"14.1.4.6\", \"versionType\": \"custom\"}, {\"version\": \"13.1.x\", \"status\": \"affected\", \"lessThan\": \"13.1.5\", \"versionType\": \"custom\"}, {\"version\": \"12.1.x\", \"status\": \"affected\", \"lessThanOrEqual\": \"12.1.6\", \"versionType\": \"custom\"}, {\"version\": \"11.6.x\", \"status\": \"affected\", \"lessThanOrEqual\": \"11.6.5\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.f5.com/csp/article/K23605346\"}, {\"url\": \"http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html\"}, {\"url\": \"http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html\"}, {\"url\": \"http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html\"}, {\"url\": \"https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/\"}], \"metrics\": [{\"cvssV3_1\": 
{\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\"}}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"lang\": \"en\", \"description\": \"CWE-306 Missing Authentication for Critical Function\", \"cweId\": \"CWE-306\"}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"source\": {\"discovery\": \"INTERNAL\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:03:06.011Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.f5.com/csp/article/K23605346\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/\", \"tags\": [\"x_transferred\"]}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1388\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T20:27:21.338441Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-05-10\", \"reference\": 
\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T20:27:37.728Z\"}, \"timeline\": [{\"time\": \"2022-05-10T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2022-1388 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
"cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-1388\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"assignerShortName\": \"f5\", \"dateUpdated\": \"2025-10-21T19:46:05.503Z\", \"dateReserved\": \"2022-04-19T00:00:00.000Z\", \"datePublished\": \"2022-05-05T16:18:04.472Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-MRPH-RVC3-CV97
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2025-10-22 00:32
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2022-1388"
],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "CRITICAL"
},
"details": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-mrph-rvc3-cv97",
"modified": "2025-10-22T00:32:32Z",
"published": "2022-05-06T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1388"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388"
},
{
"type": "WEB",
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2022-AVI-419
Vulnerability from certfr_avis - Published: 2022-05-05 - Updated: 2022-05-05
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- F5 BIG-IP (tous modules) versions 17.x antérieures à 17.0.0
- F5 BIG-IP (tous modules) versions 16.x antérieures à 16.1.2.2
- F5 BIG-IP (tous modules) versions 15.x antérieures à 15.1.5.1
- F5 BIG-IP (tous modules) versions antérieures à 14.1.4.6
- NGINX App Protect versions antérieures à 3.7.0
Concernant la vulnérabilité critique, immatriculée CVE-2022-1388, l'éditeur propose un correctif de sécurité pour les produits F5 BIG-IP en versions 13.x. Cependant il est très fortement recommandé pour toutes les versions 11.x, 12.x et 13.x de migrer au moins vers la version 14.1.4.6 afin de pouvoir bénéficier de l'intégralité des correctifs de sécurité.
| Vendor | Product | Description |
|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 17.x ant\u00e9rieures \u00e0 17.0.0\u003c/li\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 16.x ant\u00e9rieures \u00e0 16.1.2.2\u003c/li\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 15.x ant\u00e9rieures \u00e0 15.1.5.1\u003c/li\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions ant\u00e9rieures \u00e0 14.1.4.6\u003c/li\u003e \u003cli\u003eNGINX App Protect versions ant\u00e9rieures \u00e0 3.7.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eConcernant la vuln\u00e9rabilit\u00e9 critique, immatricul\u00e9e CVE-2022-1388, l\u0027\u00e9diteur propose un correctif de s\u00e9curit\u00e9 pour les produits F5 BIG-IP en versions 13.x. Cependant il est tr\u00e8s fortement recommand\u00e9 pour toutes les versions 11.x, 12.x et 13.x de migrer au moins vers la version 14.1.4.6 afin de pouvoir b\u00e9n\u00e9ficier de l\u0027int\u00e9gralit\u00e9 des correctifs de s\u00e9curit\u00e9.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-25946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25946"
},
{
"name": "CVE-2022-28695",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28695"
},
{
"name": "CVE-2022-27662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27662"
},
{
"name": "CVE-2022-26415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26415"
},
{
"name": "CVE-2022-26890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26890"
},
{
"name": "CVE-2022-29480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29480"
},
{
"name": "CVE-2022-27636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27636"
},
{
"name": "CVE-2022-27230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27230"
},
{
"name": "CVE-2022-29474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29474"
},
{
"name": "CVE-2022-27495",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27495"
},
{
"name": "CVE-2022-27634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27634"
},
{
"name": "CVE-2022-1389",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1389"
},
{
"name": "CVE-2022-26340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26340"
},
{
"name": "CVE-2022-26370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26370"
},
{
"name": "CVE-2022-26517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26517"
},
{
"name": "CVE-2022-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28708"
},
{
"name": "CVE-2022-28706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28706"
},
{
"name": "CVE-2022-29263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29263"
},
{
"name": "CVE-2022-29473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29473"
},
{
"name": "CVE-2022-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28714"
},
{
"name": "CVE-2022-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29491"
},
{
"name": "CVE-2022-27806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27806"
},
{
"name": "CVE-2022-28716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28716"
},
{
"name": "CVE-2022-27181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27181"
},
{
"name": "CVE-2022-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28859"
},
{
"name": "CVE-2022-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26835"
},
{
"name": "CVE-2022-28691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28691"
},
{
"name": "CVE-2022-29479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29479"
},
{
"name": "CVE-2022-27880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27880"
},
{
"name": "CVE-2022-1388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1388"
},
{
"name": "CVE-2022-27182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27182"
},
{
"name": "CVE-2022-26071",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26071"
},
{
"name": "CVE-2022-27659",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27659"
}
],
"initial_release_date": "2022-05-05T00:00:00",
"last_revision_date": "2022-05-05T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K54082580 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K54082580"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K41440465 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K41440465"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K21317311 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K21317311"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K31856317 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K31856317"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K14229426 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K14229426"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K23454411 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K23454411"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K71103363 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K71103363"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K06323049 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K06323049"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K49905324 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K49905324"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K39002226 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K39002226"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K93543114 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K93543114"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K25451853 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K25451853"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K24248011 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K24248011"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K54460845 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K54460845"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K51539421 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K51539421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K92306170 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K92306170"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K37155600 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K37155600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K64124988 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K64124988"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K17341495 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K17341495"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K38271531 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K38271531"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K41877405 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K41877405"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K80945213 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K80945213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K08510472 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K08510472"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K03442392 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K03442392"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K85054496 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K85054496"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K68816502 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K68816502"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K23605346 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K59904248 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K59904248"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K68647001 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K68647001"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K74302282 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K74302282"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K85021277 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K85021277"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K47662005 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K47662005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K94093538 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K94093538"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K57110035 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K57110035"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K57555833 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K57555833"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K92807525 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K92807525"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K53197140 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K53197140"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K81952114 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K81952114"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K53593534 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K53593534"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K52322100 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K52322100"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K03755971 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K03755971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K70134152 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K70134152"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K33552735 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K33552735"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K67397230 du 04 mai 2022",
"url": "https://support.f5.com/csp/article/K67397230"
}
]
}
CERTFR-2022-ALE-004
Vulnerability from certfr_alerte - Published: 2022-05-11 - Updated: 2022-09-16
La vulnérabilité CVE-2022-1388 affectant les équipements BIG-IP de F5 Networks a été annoncée le 4 mai 2022. Elle permet de contourner le mécanisme d’authentification et d’invoquer les fonctions d’interprétation de commandes systèmes disponibles au travers de l’interface de programmation (API) iControl. Il est en particulier possible d’invoquer une invite de commande (bash) qui sera exécutée avec les droits root, permettant donc de prendre le contrôle de l’équipement.
L’API iControl REST permet l’automatisation de certaines tâches d’administration. Elle est accessible depuis l’interface d’administration de l’équipement mais également depuis les adresses IP dénommées self-IP qui peuvent être configurées via le menu Network / Self-IPs dans les différents VLANs auxquels ces équipements sont connectés.
Le CERT-FR recommande de ne pas exposer les interfaces et API d'administration sur Internet.
Cette vulnérabilité a déjà été mentionnée dans le bulletin d’actualité hebdomadaire du 09 mai 2022. Toutefois, les analyses techniques publiées récemment confirment la facilité d’exploitation de cette vulnérabilité et des codes d’exploitation sont désormais disponibles. Par ailleurs, certaines versions affectées ne disposent pas de correctif et les possibilités d’une exploitation par l’intermédiaire d’un réseau interne ne peuvent pas être exclues.
Contournement provisoire
S’il n’est pas possible de procéder à l’installation d’une version de BIG-IP corrigeant la vulnérabilité, se référer aux mesures de contournement proposées par l’éditeur [3] à la section Mitigation.
Solution
Le CERT-FR recommande fortement d’appliquer les correctifs fournis par l’éditeur, se référer à l’avis émis par le CERT-FR [1] [2] pour plus d’information.
Pour les versions 11.x et 12.x de BIG-IP, il est nécessaire d’effectuer une montée de version afin de corriger la vulnérabilité. Se référer à l’article K5903 [4] pour identifier les versions de BIG-IP supportées par F5.
De manière générale, il faut a minima prendre les mesures nécessaires pour que l’interface de gestion d’un équipement ne soit accessible que depuis un réseau sécurisé. Le CERT-FR rappelle également que l'éditeur a publié des bonnes pratiques afin de sécuriser l'administration de ses équipements [5]. Il convient notamment de :
- Connecter le port d'administration sur un réseau d'administration sécurisé ;
- Interdire l'accès aux interfaces d’administration (notamment mui et iControl) via les adresses IP Self-IP ;
Rappels :
- Le guide d’hygiène informatique : https://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf
- Recommandations relatives à l’administration sécurisée des systèmes d’information : https://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/
- Recommandations sur le nomadisme numérique : https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/
Liens :
- [1] Bulletin d’actualité CERTFR-2022-ACT-019
- [2] Avis CERTFR-2022-AVI-419 - Multiples vulnérabilités dans les produits F5
- [3] BIG-IP iControl REST vulnerability CVE-2022-1388
- [4] BIG-IP software support policy
- [5] Overview of securing access to the BIG-IP system
Les versions suivantes de F5 sont également vulnérables mais ne sont plus maintenues par l’éditeur :
- F5 BIG-IP des versions 12.1.0 aux versions 12.1.6
- F5 BIG-IP des versions 11.6.1 aux versions 11.6.5
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 BIG-IP versions 15.x ant\u00e9rieures \u00e0 15.1.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP versions 14.x ant\u00e9rieures \u00e0 14.1.4.6",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP versions 16.x ant\u00e9rieures \u00e0 16.1.2.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP versions 13.x ant\u00e9rieures \u00e0 13.1.5",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "\u003cp\u003eLes versions suivantes de F5 sont \u00e9galement vuln\u00e9rables mais ne sont plus maintenues par l\u2019\u00e9diteur :\u003c/p\u003e \u003cul\u003e \u003cli\u003eF5 BIG-IP des versions 12.1.0 aux versions 12.1.6\u003c/li\u003e \u003cli\u003eF5 BIG-IP des versions 11.6.1 aux versions 11.6.5\u003c/li\u003e \u003c/ul\u003e ",
"closed_at": "2022-09-16",
"content": "## Contournement provisoire\n\nS\u2019il n\u2019est pas possible de proc\u00e9der \u00e0 l\u2019installation d\u2019une version de\nBIG-IP corrigeant la vuln\u00e9rabilit\u00e9, se r\u00e9f\u00e9rer aux mesures de\ncontournement propos\u00e9es par\nl\u2019\u00e9diteur\u00a0[\\[3\\]](https://support.f5.com/csp/article/K23605346) \u00e0 la\nsection *Mitigation*.\n\n## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer les correctifs fournis par\nl\u2019\u00e9diteur, se r\u00e9f\u00e9rer \u00e0 l\u2019avis \u00e9mis par le CERT-FR\n[\\[1\\]](https://cert.ssi.gouv.fr/actualite/CERTFR-2022-ACT-019/)\n[\\[2\\]](/avis/CERTFR-2022-AVI-419/) pour\nplus d\u2019information.\n\nPour les versions 11.x et 12.x de BIG-IP, il est n\u00e9cessaire d\u2019effectuer\nune mont\u00e9e de version afin de corriger la vuln\u00e9rabilit\u00e9. \nSe r\u00e9f\u00e9rer \u00e0 l\u2019article K5903\n[\\[4\\]](https://support.f5.com/csp/article/K5903) pour identifier les\nversions de BIG-IP support\u00e9es par F5.\n\nDe mani\u00e8re g\u00e9n\u00e9rale, il faut *a minima*\u00a0prendre les mesures n\u00e9cessaires\npour que l\u2019interface de gestion d\u2019un \u00e9quipement ne soit accessible que\ndepuis un r\u00e9seau s\u00e9curis\u00e9. Le CERT-FR rappelle \u00e9galement que l\u0027\u00e9diteur a\npubli\u00e9 des bonnes pratiques afin de s\u00e9curiser l\u0027administration de ses\n\u00e9quipements [\\[5\\]](https://support.f5.com/csp/article/K13092). 
Il\nconvient notamment de :\n\n- Connecter le port d\u0027administration sur un r\u00e9seau d\u0027administration\n s\u00e9curis\u00e9 ;\n- Interdire l\u0027acc\u00e8s aux interfaces d\u2019administration (notamment mui et\n iControl) *via* les adresses IP *Self-IP* ;\n\nRappels :\n\n- Le guide d\u2019hygi\u00e8ne informatique\n :\u00a0\u003chttps://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf\u003e\n- Recommandations relatives \u00e0 l\u2019administration s\u00e9curis\u00e9e des syst\u00e8mes\n d\u2019information\n :\u00a0\u003chttps://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/\u003e\n- Recommandations sur le nomadisme num\u00e9rique\n :\u00a0\u003chttps://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/\u003e\n\nLiens\u00a0:\n\n- \\[1\\] [Bulletin d\u2019actualit\u00e9\n CERTFR-2022-ACT-019](https://cert.ssi.gouv.fr/actualite/CERTFR-2022-ACT-019/)\n- \\[2\\] [Avis CERTFR-2022-AVI-419 - Multiples vuln\u00e9rabilit\u00e9s dans les\n produits F5](/avis/CERTFR-2022-AVI-419/)\n- \\[3\\] [BIG-IP iControl REST vulnerability\n CVE-2022-1388](https://support.f5.com/csp/article/K23605346)\n- \\[4\\] [BIG-IP software support\n policy](https://support.f5.com/csp/article/K5903)\n- \\[5\\] [Overview of securing access to the BIG-IP\n system](https://support.f5.com/csp/article/K13092)\n\n",
"cves": [
{
"name": "CVE-2022-1388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1388"
}
],
"initial_release_date": "2022-05-11T00:00:00",
"last_revision_date": "2022-09-16T00:00:00",
"links": [],
"reference": "CERTFR-2022-ALE-004",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-11T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte",
"revision_date": "2022-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "La vuln\u00e9rabilit\u00e9\n[CVE-2022-1388](https://www.cve.org/CVERecord?id=CVE-2022-1388) affectant\nles \u00e9quipements BIG-IP de F5 Networks a \u00e9t\u00e9 annonc\u00e9e le 4 mai 2022. Elle\npermet de contourner le m\u00e9canisme d\u2019authentification et d\u2019invoquer les\nfonctions d\u2019interpr\u00e9tation de commandes syst\u00e8mes disponibles au travers\nde l\u2019interface de programmation *(API)* iControl. Il est en particulier\npossible d\u2019invoquer une invite de commande *(bash)* qui sera ex\u00e9cut\u00e9e\navec les droits *root*, permettant donc de prendre le contr\u00f4le de\nl\u2019\u00e9quipement.\n\nL\u2019API iControl REST permet l\u2019automatisation de certaines t\u00e2ches\nd\u2019administration. Elle est accessible depuis l\u2019interface\nd\u2019administration de l\u2019\u00e9quipement mais \u00e9galement depuis les adresses IP\nd\u00e9nomm\u00e9es *self-IP* qui peuvent \u00eatre configur\u00e9es *via* le menu *Network*\n/ *Self-IPs* dans les diff\u00e9rents VLANs auxquels ces \u00e9quipements sont\nconnect\u00e9s.\n\nLe CERT-FR recommande de ne pas exposer les interfaces et API\nd\u0027administration sur Internet.\n\nCette vuln\u00e9rabilit\u00e9 a d\u00e9j\u00e0 \u00e9t\u00e9 mentionn\u00e9e dans le bulletin d\u2019actualit\u00e9\nhebdomadaire du 09 mai 2022. Toutefois, les analyses techniques publi\u00e9es\nr\u00e9cemment confirment la facilit\u00e9 d\u2019exploitation de cette vuln\u00e9rabilit\u00e9\net des codes d\u2019exploitation sont d\u00e9sormais disponibles. Par ailleurs,\ncertaines versions affect\u00e9es ne disposent pas de correctif et les\npossibilit\u00e9s d\u2019une exploitation par l\u2019interm\u00e9diaire d\u2019un r\u00e9seau interne\nne peuvent pas \u00eatre exclues.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 BIG-IP",
"vendor_advisories": []
}
GSD-2022-1388
Vulnerability from gsd - Updated: 2023-12-13 01:19
{
"GSD": {
"alias": "CVE-2022-1388",
"description": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GSD-2022-1388",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2022-1388"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1388"
],
"details": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GSD-2022-1388",
"modified": "2023-12-13T01:19:28.468229Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-05-04T14:00:00.000Z",
"ID": "CVE-2022-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!\u003e=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "\u003c",
"version_name": "16.1.x",
"version_value": "16.1.2.2"
},
{
"version_affected": "\u003c",
"version_name": "15.1.x",
"version_value": "15.1.5.1"
},
{
"version_affected": "\u003c",
"version_name": "14.1.x",
"version_value": "14.1.4.6"
},
{
"version_affected": "\u003c",
"version_name": "13.1.x",
"version_value": "13.1.5"
},
{
"version_affected": "\u003c=",
"version_name": "12.1.x",
"version_value": "12.1.6"
},
{
"version_affected": "\u003c=",
"version_name": "11.6.x",
"version_value": "11.6.5"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K23605346",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"name": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
},
{
"name": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/",
"refsource": "MISC",
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2022-1388"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K23605346",
"refsource": "MISC",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"name": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
},
{
"name": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-11-02T01:54Z",
"publishedDate": "2022-05-05T17:15Z"
}
}
}
CNVD-2022-35519
Vulnerability from cnvd - Published: 2022-05-07
用户可参考如下供应商提供的安全公告获得补丁信息: https://support.f5.com/csp/article/K55879220
| Name | ['F5 BIG-IP 16.1.0-16.1.2', 'F5 BIG-IP 15.1.0-15.1.5', 'F5 BIG-IP 14.1.0-14.1.4', 'F5 BIG-IP 13.1.0-13.1.4', 'F5 BIG-IP 12.1.0-12.1.6', 'F5 BIG-IP 11.6.1-11.6.5'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-1388"
}
},
"description": "F5 BIG-IP\u662f\u7f8e\u56fdF5\u516c\u53f8\u4e00\u6b3e\u96c6\u6210\u6d41\u91cf\u7ba1\u7406\u3001DNS\u3001\u51fa\u5165\u7ad9\u89c4\u5219\u3001web\u5e94\u7528\u9632\u706b\u5899\u3001web\u7f51\u5173\u3001\u8d1f\u8f7d\u5747\u8861\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 BIG-IP iControl REST\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eiControl REST\u7ec4\u4ef6\u7684\u8eab\u4efd\u8ba4\u8bc1\u529f\u80fd\u5b58\u5728\u7ed5\u8fc7\u7f3a\u9677\uff0c\u5bfc\u81f4\u6388\u6743\u8bbf\u95ee\u673a\u5236\u5931\u6548\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411BIG-IP\u670d\u52a1\u5668\u53d1\u9001\u6076\u610f\u6784\u9020\u8bf7\u6c42\uff0c\u7ed5\u8fc7\u8eab\u4efd\u8ba4\u8bc1\uff0c\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\uff0c\u521b\u5efa\u6216\u5220\u9664\u6587\u4ef6\u4ee5\u53ca\u7981\u7528\u670d\u52a1\u7b49\u64cd\u4f5c\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://support.f5.com/csp/article/K55879220",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-35519",
"openTime": "2022-05-07",
"patchDescription": "F5 BIG-IP\u662f\u7f8e\u56fdF5\u516c\u53f8\u4e00\u6b3e\u96c6\u6210\u6d41\u91cf\u7ba1\u7406\u3001DNS\u3001\u51fa\u5165\u7ad9\u89c4\u5219\u3001web\u5e94\u7528\u9632\u706b\u5899\u3001web\u7f51\u5173\u3001\u8d1f\u8f7d\u5747\u8861\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 BIG-IP iControl REST\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eiControl REST\u7ec4\u4ef6\u7684\u8eab\u4efd\u8ba4\u8bc1\u529f\u80fd\u5b58\u5728\u7ed5\u8fc7\u7f3a\u9677\uff0c\u5bfc\u81f4\u6388\u6743\u8bbf\u95ee\u673a\u5236\u5931\u6548\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411BIG-IP\u670d\u52a1\u5668\u53d1\u9001\u6076\u610f\u6784\u9020\u8bf7\u6c42\uff0c\u7ed5\u8fc7\u8eab\u4efd\u8ba4\u8bc1\uff0c\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\uff0c\u521b\u5efa\u6216\u5220\u9664\u6587\u4ef6\u4ee5\u53ca\u7981\u7528\u670d\u52a1\u7b49\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "F5 BIG-IP iControl REST\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"F5 BIG-IP 16.1.0-16.1.2",
"F5 BIG-IP 15.1.0-15.1.5",
"F5 BIG-IP 14.1.0-14.1.4",
"F5 BIG-IP 13.1.0-13.1.4",
"F5 BIG-IP 12.1.0-12.1.6",
"F5 BIG-IP 11.6.1-11.6.5"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-1388",
"serverity": "\u9ad8",
"submitTime": "2022-05-07",
"title": "F5 BIG-IP iControl REST\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2022-1388
Vulnerability from fkie_nvd - Published: 2022-05-05 17:15 - Updated: 2025-10-27 17:06
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K23605346 | Mitigation, Vendor Advisory | |
| f5sirt@f5.com | https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K23605346 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ | Exploit, Mitigation, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388 | US Government Resource |
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * |
{
"cisaActionDue": "2022-05-31",
"cisaExploitAdd": "2022-05-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "F5 BIG-IP Missing Authentication Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA9552-4645-4BFF-91A4-47B6A3414325",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2F2CB2-BE96-4DC8-B336-1E9A318B4604",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B31BA594-F521-4AE6-B1B6-6F1F5AB735F5",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E2C67C-CF1B-4D54-A65D-1AD14DA61199",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F699242D-CA23-47D7-BB53-C96A7EF82239",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "758D4F60-C707-4C09-8FA1-9AFC232C2B68",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61D1B91F-8672-4947-AF9A-F635679D0FB7",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E32CBE0-BFDC-4DCB-A365-2F3C4D680446",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB153379-872C-4800-AF9E-4219559291FD",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B12B864-CF0E-4015-B898-9FF24956898D",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E336C11E-2544-4AD1-A16B-640DB335048F",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B89C592-E704-4AA8-98EF-22E81A888D9F",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3787453-ECE9-4958-8FD8-8A43A9F86077",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18666B67-A6EA-402B-926E-96348AB82831",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B5C349-CF76-4C87-9A4F-86769F5666CD",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7A0B6B-F4B2-4E02-B49E-4CCED696971F",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E079B86-18A3-48D4-9413-D4EBB35E2682",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6025496D-61A0-444D-85FF-9EB452FDC12D",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05ED802A-A8A0-4E96-AB45-811A98AA11C2",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF5B8C5-98F2-45B5-A877-C3666E3D6876",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B937D3C-6D0E-4D87-B9B0-A58A2866A37F",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3AC626-DC9B-4DA1-ABA0-335B3E20EAE8",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E827A475-5A25-4485-8F51-4A39CDB89201",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9965A0FA-84CE-4E7C-92C8-C74A44F401E2",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B15992E6-85B6-4E62-A284-FE4B78F5F373",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1849279E-9FB1-4D6A-8386-337F7DF151DF",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93768065-555D-46EA-A6E4-00EA467573AA",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDFDBFD-8183-4F38-A1E9-B26A087F5EDF",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6EC6B2-9CDE-467B-94ED-4CD1214435A6",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDA0FAF-471B-415F-820C-446EDD53E327",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8376922B-0D04-4E5D-BADE-0D6AC23A4696",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F489E5B1-1EC4-4E45-8EE6-6A4FCD0F386F",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5B9015-1D83-46F8-A328-286D5CF811DC",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B014EC-59DC-4956-A7F9-FDCCE6802701",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BCBA7D9-05C4-4804-9DD9-6400D7717B71",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E0A3C3-F168-47D6-A54D-09722BE9EC92",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0471086D-B70E-4B87-862E-01FB99B0D5D5",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01C01794-36BD-4783-B962-07000FCE4788",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF82D6C0-DF3B-4F0E-B4A1-FDC7E3C9FECC",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1C42EF-0217-4A0F-B327-F9419745DC0D",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97923BA5-DB8D-46CB-89DE-A2AB313557DA",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "800B3D3B-45FF-406F-8A32-70E00D2F9DE5",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3D5803-35A0-4FF7-9AD3-E345C53A18FC",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED5A4F4-9FFF-43D0-B17D-838D6CEDDF04",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7748E16-F5E4-4D23-A9BF-B9A5B6462536",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "025F4F45-7EB2-4C8F-9F85-AEF4844A943D",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DD60EC-40A6-48DA-B2B9-B1881820056E",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3816AEE7-81A4-46F4-97EC-B156DA52C04D",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E20DFBD1-5469-4330-81B1-078D6487C01D",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16234A51-9C86-484A-B8D5-6EFB838CB564",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF9D095-AC38-415A-B97E-909563DA7C89",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F94750C3-D5B8-4397-8211-5EEEF947BCEB",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F702C966-4D1B-419A-8853-975DE634FE2C",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384FD000-3901-4B01-B544-DE210FCFB3B1",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F92F2449-8A6E-431E-8CB1-5255D2464B31",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61189D3B-8BF1-47A7-B5AC-A75E44D6BD5F",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "260092B3-CA15-4ECE-B4F9-075C714FFE76",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9242BCA-366B-4C8B-A9E9-FA422ADDF18D",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF9BCD4-9631-4AC9-95B2-DA7688FDA703",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "652E0726-38DB-4559-BAC1-860E02678F60",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F940F3-6CF4-48C8-BFBF-4FE9B3A26D31",
"versionEndIncluding": "11.6.5",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBA5CDC-1989-4971-BD1B-F14E801F5017",
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE503F5-17E8-4893-ABA9-2075180EBA82",
"versionEndExcluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B25AE8-6158-4448-B096-58105102CD78",
"versionEndExcluding": "14.1.4.6",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA80562-DD10-47A8-8A9C-75056D8A81EC",
"versionEndExcluding": "15.1.5.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C53D007-B6DD-447E-BA9A-5CE9137CAA80",
"versionEndExcluding": "16.1.2.2",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
},
{
"lang": "es",
"value": "En F5 BIG-IP versiones 16.1.x anteriores a 16.1.2.2, versiones 15.1.x anteriores a 15.1.5.1, versiones 14.1.x anteriores a 14.1.4.6, versiones 13.1.x anteriores a 13.1.5 y todas las versiones 12.1.x y 11.6.x, las peticiones no reveladas pueden omitir la autenticaci\u00f3n REST de iControl. Nota: las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas"
}
],
"id": "CVE-2022-1388",
"lastModified": "2025-10-27T17:06:48.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-05-05T17:15:10.570",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K23605346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1388"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-1388
Vulnerability from fstec - Published: 05.05.2022
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "F5 Networks, Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Access Policy Manager), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Access Policy Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Access Policy Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Access Policy Manager), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Access Policy Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Access Policy Manager), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Advanced Firewall Manager), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Advanced Firewall Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Advanced Firewall Manager), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Advanced Firewall Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Advanced Firewall Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Advanced Firewall Manager), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Analytics), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Analytics), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Analytics), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Analytics), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Analytics), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Analytics), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Acceleration Manager), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 
\u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Acceleration Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Application Acceleration Manager), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Application Acceleration Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Application Acceleration Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Application Acceleration Manager), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Security Manager), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Security Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Application Security Manager), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Application Security Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Application Security Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Application Security Manager), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Link Controller), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Link Controller), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Link Controller), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Link Controller), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Link Controller), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Link Controller), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Local Traffic Manager), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Local Traffic Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Local Traffic Manager), 
\u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Local Traffic Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Local Traffic Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Local Traffic Manager), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Policy Enforcement Manager), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Policy Enforcement Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Policy Enforcement Manager), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Policy Enforcement Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Policy Enforcement Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Policy Enforcement Manager), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Domain Name System), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Domain Name System), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Domain Name System), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Domain Name System), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Domain Name System), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Domain Name System), \u043e\u0442 11.6.1 \u0434\u043e 11.6.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Fraud Protection Service), \u043e\u0442 12.1.0 \u0434\u043e 12.1.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Fraud Protection Service), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 (BIG-IP Fraud Protection Service), \u043e\u0442 14.1.0 \u0434\u043e 14.1.4.6 (BIG-IP Fraud Protection Service), \u043e\u0442 15.1.0 \u0434\u043e 15.1.5.1 (BIG-IP Fraud Protection Service), \u043e\u0442 16.1.0 \u0434\u043e 16.1.2.2 (BIG-IP Fraud Protection 
Service)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a iControl REST \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 IP-\u0430\u0434\u0440\u0435\u0441;\n- \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 TCP-\u043f\u043e\u0440\u0442\u043e\u0432 443 \u0438 8443, 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e;\n- \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a iControl REST \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f;\n- \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 BIG-IP httpd\n\u0412\u043e\u0439\u0442\u0438 \u0432 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 TMOS ( tmsh ) \u0441\u0438\u0441\u0442\u0435\u043c\u044b BIG-IP, \u0432\u0432\u0435\u0434\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\ntmsh\n\n\u041e\u0442\u043a\u0440\u044b\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e httpd \u0434\u043b\u044f \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0432\u0432\u0435\u0434\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\nedit /sys httpd all-properties\n\n\u041d\u0430\u0439\u0442\u0438 \u0441\u0442\u0440\u043e\u043a\u0443, \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0443\u044e\u0441\u044f \u0441 include none , \u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u0435 none \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0442\u0435\u043a\u0441\u0442\u043e\u043c:\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u0435 . 
\u0415\u0441\u043b\u0438 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0443\u0436\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e, \u043e\u0442\u043b\u0438\u0447\u043d\u0443\u044e \u043e\u0442 none, \u0434\u043e\u0431\u0430\u0432\u044c\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0432 \u043a\u043e\u043d\u0435\u0446 \u0442\u0435\u043a\u0443\u0449\u0435\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u0445 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 \u0434\u0432\u043e\u0439\u043d\u044b\u0445 \u043a\u0430\u0432\u044b\u0447\u0435\u043a ( \" ).\n\n\"\u003cIf \\\"%{HTTP:connection} =~ /close/i \\\"\u003e\nRequestHeader set connection close\n\u003c/If\u003e\n\u003cElseIf \\\"%{HTTP:connection} =~ /keep-alive/i \\\"\u003e\nRequestHeader set connection keep-alive\n\u003c/ElseIf\u003e\n\u003cElse\u003e\n RequestHeader set connection close\n\u003c/Else\u003e\"\n\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430 include \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043a\u043b\u0430\u0432\u0438\u0448\u0443 ESC, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430, \u0437\u0430\u0442\u0435\u043c \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f, 
\u0432\u0432\u0435\u0434\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\n:wq\n\n\u0412 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u043f\u0440\u0438\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u0421\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f (y/n/e) \u0432\u044b\u0431\u0440\u0430\u0442\u044c y , \u0447\u0442\u043e\u0431\u044b \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f.\n\u0421\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e BIG-IP, \u0432\u0432\u0435\u0434\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\nsave /sys config\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438:\nhttps://support.f5.com/csp/article/K23605346",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.05.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02849",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1388",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Domain Name System, BIG-IP Fraud Protection Service",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 iControl REST API \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 BIG-IP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0444\u0430\u0439\u043b\u044b",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 (CWE-306)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 iControl REST API \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 BIG-IP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0444\u0430\u0439\u043b\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.f5.com/csp/article/K23605346\nhttps://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html\nhttp://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-306",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.