F5 BIG-IP iControl - REST Auth Bypass RCE CVE-2022-1388

Severity
CVSSv3 Score: 9.8
Vulnerability description

F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Apply the necessary security patches or updates provided by F5 Networks to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: May 5, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available