Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K94221585
HistoryNov 16, 2022 - 12:00 a.m.

K94221585 : iControl SOAP vulnerability CVE-2022-41622

2022-11-1600:00:00
my.f5.com
44
big-ip
big-iq
csrf
cve-2022-41622
icontrol soap
cross-site request forgery
authentication.

AI Score

8.9

Confidence

High

EPSS

0.473

Percentile

97.5%

JSON

Security Advisory Description

BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. (CVE-2022-41622)

Impact

An attacker may trick users who have at least resource administrator role privilege and are authenticated through basic authentication in iControl SOAP into performing critical actions. An attacker can exploit this vulnerability only through the control plane, not through the data plane. If exploited, the vulnerability can compromise the complete system.

Related

checkpoint_advisories 1
nvd 1
hivepro 1
nessus 1
cvelist 1
cve 1
prion 1
metasploit 4
packetstorm 3
f5 1
zdt 2
thn 1
rapid7blog 3
attackerkb 1
trellix 2
checkpoint_advisories
checkpoint_advisories
F5 Big-IP Cross-Site Request Forgery (CVE-2022-41622)
2022-11-23 00:00:00
nvd
nvd
CVE-2022-41622
2022-12-07 04:15:10
hivepro
hivepro
RCE flaw in F5 BIG-IP and BIG-IQ
2022-11-18 08:42:14
nessus
nessus
F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585)
2022-11-16 00:00:00
cvelist
cvelist
CVE-2022-41622 iControl SOAP vulnerability
2022-12-07 03:08:06
cve
cve
CVE-2022-41622
2022-12-07 04:15:10
prion
prion
Cross site request forgery (csrf)
2022-12-07 04:15:00
metasploit
metasploit
F5 BIG-IP iControl CSRF File Write SOAP API
2022-11-16 19:58:15
F5 BIG-IP iControl Authenticated RCE via RPM Creator
2022-11-16 20:04:18
F5 Big-IP Create Admin User
2022-11-16 20:12:16
packetstorm
packetstorm
F5 BIG-IP iControl Remote Command Execution
2022-11-24 00:00:00
F5 Big-IP Create Administrative User
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery
2022-11-21 00:00:00
f5
f5
K97843387 : Overview of F5 vulnerabilities (November 2022)
2022-11-16 00:00:00
zdt
zdt
F5 BIG-IP iControl Cross Site Request Forgery Exploit
2022-11-21 00:00:00
F5 Big-IP Create Administrative User Exploit
2023-02-03 00:00:00
thn
thn
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
2022-11-17 06:58:00
rapid7blog
rapid7blog
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
2022-11-16 15:00:00
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
2023-02-01 15:57:57
Metasploit Weekly Wrap-Up
2022-11-25 17:14:15
attackerkb
attackerkb
CVE-2022-41800
2022-12-07 00:00:00
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00

AI Score

8.9

Confidence

High

EPSS

0.473

Percentile

97.5%

JSON
Related for F5:K94221585
checkpoint_advisories1nvd1hivepro1nessus1cvelist1cve1prion1metasploit4packetstorm3f51zdt2thn1rapid7blog3attackerkb1trellix2