Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K13325942
HistoryNov 10, 2022 - 12:00 a.m.

K13325942 : Appliance mode iControl REST vulnerability CVE-2022-41800

2022-11-1000:00:00
my.f5.com
29
appliance mode
icontrol rest
vulnerability

AI Score

8.3

Confidence

High

EPSS

0.008

Percentile

81.9%

JSON

Security Advisory Description

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. (CVE-2022-41800)

Impact

In Appliance mode, an authenticated user with valid user credentials assigned the Administrator role may be able to bypass Appliance mode restrictions. This is a control plane issue; there is no data plane exposure. Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances.

For more information about Appliance mode, refer to K12815: Overview of Appliance mode.

Related

nvd 1
prion 1
cvelist 1
cve 1
nessus 1
checkpoint_advisories 1
packetstorm 3
metasploit 4
thn 1
rapid7blog 3
f5 1
zdt 2
githubexploit 1
attackerkb 1
trellix 2
nvd
nvd
CVE-2022-41800
2022-12-07 04:15:10
prion
prion
Design/Logic Flaw
2022-12-07 04:15:00
cvelist
cvelist
CVE-2022-41800 Appliance mode iControl REST vulnerability
2022-12-07 03:12:17
cve
cve
CVE-2022-41800
2022-12-07 04:15:10
nessus
nessus
F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K13325942)
2022-11-16 00:00:00
checkpoint_advisories
checkpoint_advisories
F5 Big-IP Command Injection (CVE-2022-41800)
2022-11-23 00:00:00
packetstorm
packetstorm
F5 BIG-IP iControl Remote Command Execution
2022-11-24 00:00:00
F5 Big-IP Create Administrative User
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery
2022-11-21 00:00:00
metasploit
metasploit
F5 BIG-IP iControl CSRF File Write SOAP API
2022-11-16 19:58:15
F5 Big-IP Create Admin User
2022-11-16 20:12:16
F5 Big-IP Gather Information from MCP Datastore
2022-11-23 19:10:34
thn
thn
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
2022-11-17 06:58:00
rapid7blog
rapid7blog
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
2022-11-16 15:00:00
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
2023-02-01 15:57:57
Metasploit Weekly Wrap-Up
2022-11-25 17:14:15
f5
f5
K97843387 : Overview of F5 vulnerabilities (November 2022)
2022-11-16 00:00:00
zdt
zdt
F5 Big-IP Create Administrative User Exploit
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery Exploit
2022-11-21 00:00:00
githubexploit
githubexploit
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
2023-04-12 20:46:03
attackerkb
attackerkb
CVE-2022-41800
2022-12-07 00:00:00
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00

AI Score

8.3

Confidence

High

EPSS

0.008

Percentile

81.9%

JSON
Related for F5:K13325942
nvd1prion1cvelist1cve1nessus1checkpoint_advisories1packetstorm3metasploit4thn1rapid7blog3f51zdt2githubexploit1attackerkb1trellix2