CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2022-1388 | BIG-IP iControl REST API Remote code execution vulnerability | F5 BIG-IP | Critical | 18-06-2022 |
Technical Information
Undisclosed requests may bypass iControl REST authentication in F5's BIG-IP, giving unauthorised access to the iControl REST API and leading to remote code execution. The vulnerability allows unauthorised attackers with network access to BIG-IP via the management port or a self IP address to create or delete files and to disable or enable services. It affects all versions of BIG-IP except 17.x versions.
Affected Software
16.1.x versions prior to 16.1.2.2
15.1.x versions prior to 15.1.5.1
14.1.x versions prior to 14.1.4.6
13.1.x versions prior to 13.1.5
All 12.1.x and 11.6.x versions
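
A version check against the affected-software list above, for triaging a device inventory; it is an added example, not part of the original advisory or any F5 tooling. The hostnames and versions in the sample inventory are constructed, and reporting branches the list does not name as "unlisted" for manual review is an assumption of this example.

```python
import re

# First non-affected release per branch, from the "Affected Software" list above.
# None means the list marks every release on that branch as affected.
FIRST_UNAFFECTED = {
    (16, 1): (16, 1, 2, 2),
    (15, 1): (15, 1, 5, 1),
    (14, 1): (14, 1, 4, 6),
    (13, 1): (13, 1, 5),
    (12, 1): None,
    (11, 6): None,
}

# Constructed sample inventory (hostnames and versions are illustrative only).
INVENTORY = {
    "ltm-a.example": "16.1.2.10",
    "ltm-b.example": "16.1.2.1",
    "ltm-c.example": "13.1.5",
    "ltm-d.example": "12.1.6",
}

def parse_version(text):
    """Turn '16.1.2.2' into (16, 1, 2, 2); reject anything but dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,4}", text):
        raise ValueError(f"not a BIG-IP version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(version, width=5):
    # Pad with zeros so that 13.1.5 and 13.1.5.0 compare as equal.
    return version + (0,) * (width - len(version))

def classify(version):
    """Return 'affected', 'not affected' or 'unlisted' for one version string."""
    v = parse_version(version)
    if v[0] == 17:                      # the advisory excludes 17.x
        return "not affected"
    branch = v[:2]
    if branch not in FIRST_UNAFFECTED:  # branch not named in the list
        return "unlisted"
    boundary = FIRST_UNAFFECTED[branch]
    if boundary is None:
        return "affected"
    # Compare numerically: as strings, "16.1.2.10" would sort before "16.1.2.2".
    return "affected" if _pad(v) < _pad(boundary) else "not affected"

def triage(inventory):
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}\t{INVENTORY[host]}\t{status}")
```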