<< Back
CVE Number Vulnerability Product Severity Date
CVE-2022-1388 BIG-IP iControl REST API Remote code execution vulnerability F5 BIG-IP Critical 18-06-2022

Technical Information

Undisclosed requests in iControl REST Authentication in F5’s BIG-IP leads to unauthorised access to iControl REST API leading to a remote code execution. This vulnerability allows unauthorised attackers with network access to BIG-IP via management port or self IP address to create or delete files, disable or enable services. This vulnerability affects all versions of BIG-IP except 17.x versions

Affected Software

16.1.x versions prior to 16.1.2.2
15.1.x versions prior to 15.1.5.1
14.1.x versions prior to 14.1.4.6
13.1.x versions prior to 13.1.5
All 12.1.x and 11.6.x versions