History: Aug 03, 2022 - 12:00 a.m.

K55580033 : iControl REST vulnerability CVE-2022-35728

2022-08-03 00:00:00
my.f5.com

AI Score: 9.7 (Confidence: High)

EPSS: 0.002 (Percentile: 58.3%)

Security Advisory Description

An authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. (CVE-2022-35728)

Impact

A remote unauthenticated attacker may be able to reuse, for a limited time, an authenticated user’s iControl REST token generated from the Configuration utility and, with access through the management port and/or self IP addresses, execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
