Lucene search
F5F5:K11010341HistoryAug 03, 2022 - 12:00 a.m.
K11010341 : Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
2022-08-0300:00:00
my.f5.com
41
appliance mode
authenticated user
administrator role
security boundary
cve-2022-35243
control plane
vcmp guest instances
Security Advisory Description
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. (CVE-2022-35243)
Impact
In Appliance mode, an authenticated user with valid user credentials assigned the Administrator role may be able to bypass Appliance mode restrictions. This is a control plane issue; there is no data plane exposure. Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances.
For more information about Appliance mode, refer to K12815: Overview of Appliance mode.
Related
cnvd
cnvd
F5 BIG-IP iControl REST improper privilege management vulnerability
2022-08-03 00:00:00
nvd
nvd
CVE-2022-35243
2022-08-04 18:15:10
nessus
nessus
prion
prion
Design/Logic Flaw
2022-08-04 18:15:00
cve
cve
CVE-2022-35243
2022-08-04 18:15:10
cvelist
cvelist
f5
f5
K14649763 : Overview of F5 vulnerabilities (August 2022)
2022-08-03 00:00:00