mickmick.net

F5 Products Multiple Vulnerabilities

Release Date: 18 Nov 2022

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

Proof of concept exploit for CVE-2022-41622 exists on the internet. The vulnerability is related to remote code execution, and it required a users who have at least resource administrator role privilege and are authenticated through basic authentication in iControl SOAP into performing critical actions. Hence, the overall risk level is medium.

---

Impact

• Remote Code Execution
• Security Restriction Bypass

---

System / Technologies affected

• BIG-IP (all modules)
• BIG-IP SPK
• BIG-IQ Centralized Management

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.f5.com/csp/article/K13325942
• https://support.f5.com/csp/article/K94221585

---

Vulnerability Identifier

• CVE-2022-41622
• CVE-2022-41800

---

Source

• F5

---

Related Link

• https://support.f5.com/csp/article/K13325942
• https://support.f5.com/csp/article/K94221585
• https://www.bleepingcomputer.com/news/security/f5-fixes-two-remote-code-execution-flaws-in-big-ip-big-iq/