CVE-2022-41622

iControl SOAP vulnerability

CVSS 8.8 HIGH | EPSS 88.0% | CWE-352
In short

BIG-IP and BIG-IQ systems are exposed through iControl SOAP: a malicious website can trick the browser of an authenticated user into submitting requests that user never intended, without their knowledge. This lets an attacker manipulate critical network and security configurations.

Technical detail

The iControl SOAP interface of BIG-IP and BIG-IQ is affected by a cross-site request forgery (CSRF) vulnerability that can be exploited through a malicious web page against an authenticated administrator. The attack requires the victim to visit an attacker-controlled site while holding an active session; successful exploitation enables unauthorized modification of system configurations and security policies.

Summary generated and translated by AI from the official description.
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
