CVE-2022-1388 Information
Jun 07, 2022
cve
Description
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 15.1.x versions prior to 15.1.5.1 14.1.x versions prior to 14.1.4.6 13.1.x versions prior to 13.1.5 and all 12.1.x and 11.6.x versions undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://support.f5.com/csp/article/K23605346 http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: