← voltar
CVE-2022-35243

Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243

CVSS 8.7 HIGHEPSS 0.6%CWE-269
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 ago 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Produtos afetados
F5 · BIG-IP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://support.f5.com/csp/article/K11010341