Lucene search
F5CVELIST:CVE-2022-41622HistoryDec 07, 2022 - 3:08 a.m.
CVE-2022-41622 iControl SOAP vulnerability
2022-12-0703:08:06
CWE-352
f5
www.cve.org
7
icontrol soap
csrf
vulnerability
all versions
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.473
Percentile
97.5%
In all versions,
BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"iControl SOAP"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"status": "affected",
"version": "17.x"
},
{
"status": "affected",
"version": "16.1.x"
},
{
"status": "affected",
"version": "15.1.x"
},
{
"status": "affected",
"version": "14.1.x"
},
{
"status": "affected",
"version": "13.1.x"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"iControl SOAP"
],
"product": "BIG-IQ Centralized Management",
"vendor": "F5",
"versions": [
{
"status": "affected",
"version": "8.x"
},
{
"status": "affected",
"version": "7.1.x"
}
]
}
]References
Related
checkpoint_advisories
checkpoint_advisories
F5 Big-IP Cross-Site Request Forgery (CVE-2022-41622)
2022-11-23 00:00:00
nvd
nvd
CVE-2022-41622
2022-12-07 04:15:10
f5
f5
K94221585 : iControl SOAP vulnerability CVE-2022-41622
2022-11-16 00:00:00
K97843387 : Overview of F5 vulnerabilities (November 2022)
2022-11-16 00:00:00
cve
cve
CVE-2022-41622
2022-12-07 04:15:10
hivepro
hivepro
RCE flaw in F5 BIG-IP and BIG-IQ
2022-11-18 08:42:14
nessus
nessus
F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585)
2022-11-16 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-07 04:15:00
metasploit
metasploit
F5 BIG-IP iControl CSRF File Write SOAP API
2022-11-16 19:58:15
F5 BIG-IP iControl Authenticated RCE via RPM Creator
2022-11-16 20:04:18
F5 Big-IP Create Admin User
2022-11-16 20:12:16
packetstorm
packetstorm
F5 BIG-IP iControl Remote Command Execution
2022-11-24 00:00:00
F5 Big-IP Create Administrative User
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery
2022-11-21 00:00:00
zdt
zdt
F5 BIG-IP iControl Cross Site Request Forgery Exploit
2022-11-21 00:00:00
F5 Big-IP Create Administrative User Exploit
2023-02-03 00:00:00
thn
thn
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
2022-11-17 06:58:00
rapid7blog
rapid7blog
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
2022-11-16 15:00:00
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
2023-02-01 15:57:57
Metasploit Weekly Wrap-Up
2022-11-25 17:14:15
attackerkb
attackerkb
CVE-2022-41800
2022-12-07 00:00:00
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.473
Percentile
97.5%
Related for CVELIST:CVE-2022-41622