Lucene search
HistoryDec 07, 2022 - 4:15 a.m.
CVE-2022-41800
big-ip
appliance mode
bypass
vulnerability
cve-2022-41800
authenticated user
administrator role
icontrol rest endpoint
security boundary
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS
0.008
Percentile
81.9%
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5
ORf5big-ip_access_policy_managerRange15.1.0–15.1.8
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3
ORf5big-ip_access_policy_managerMatch17.0.0
ORf5big-ip_advanced_firewall_managerRange13.1.0–17.0.0
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5
ORf5big-ip_analyticsRange15.1.0–15.1.8
ORf5big-ip_analyticsRange16.1.0–16.1.3
ORf5big-ip_analyticsMatch17.0.0
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.5
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.8
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.3
ORf5big-ip_application_acceleration_managerMatch17.0.0
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5
ORf5big-ip_application_security_managerRange15.1.0–15.1.8
ORf5big-ip_application_security_managerRange16.1.0–16.1.3
ORf5big-ip_application_security_managerMatch17.0.0
ORf5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5
ORf5big-ip_domain_name_systemRange15.1.0–15.1.8
ORf5big-ip_domain_name_systemRange16.1.0–16.1.3
ORf5big-ip_domain_name_systemMatch17.0.0
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.5
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.8
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.3
ORf5big-ip_fraud_protection_serviceMatch17.0.0
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.5
ORf5big-ip_global_traffic_managerRange15.1.0–15.1.8
ORf5big-ip_global_traffic_managerRange16.1.0–16.1.3
ORf5big-ip_global_traffic_managerMatch17.0.0
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5
ORf5big-ip_link_controllerRange15.1.0–15.1.8
ORf5big-ip_link_controllerRange16.1.0–16.1.3
ORf5big-ip_link_controllerMatch17.0.0
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.8
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.3
ORf5big-ip_local_traffic_managerMatch17.0.0
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.8
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.3
ORf5big-ip_policy_enforcement_managerMatch17.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_access_policy_manager | 17.0.0 | cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:* |
| f5 | big-ip_advanced_firewall_manager | * | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_analytics | * | cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* |
| f5 | big-ip_analytics | 17.0.0 | cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:* |
| f5 | big-ip_application_acceleration_manager | * | cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_acceleration_manager | 17.0.0 | cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:* |
| f5 | big-ip_application_security_manager | * | cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_security_manager | 17.0.0 | cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:* |
| f5 | big-ip_domain_name_system | * | cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* |
References
Related
prion
prion
Design/Logic Flaw
2022-12-07 04:15:00
cvelist
cvelist
CVE-2022-41800 Appliance mode iControl REST vulnerability
2022-12-07 03:12:17
cve
cve
CVE-2022-41800
2022-12-07 04:15:10
nessus
nessus
F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K13325942)
2022-11-16 00:00:00
checkpoint_advisories
checkpoint_advisories
F5 Big-IP Command Injection (CVE-2022-41800)
2022-11-23 00:00:00
f5
f5
K13325942 : Appliance mode iControl REST vulnerability CVE-2022-41800
2022-11-10 00:00:00
K97843387 : Overview of F5 vulnerabilities (November 2022)
2022-11-16 00:00:00
packetstorm
packetstorm
F5 BIG-IP iControl Remote Command Execution
2022-11-24 00:00:00
F5 Big-IP Create Administrative User
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery
2022-11-21 00:00:00
metasploit
metasploit
F5 BIG-IP iControl CSRF File Write SOAP API
2022-11-16 19:58:15
F5 Big-IP Create Admin User
2022-11-16 20:12:16
F5 Big-IP Gather Information from MCP Datastore
2022-11-23 19:10:34
thn
thn
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
2022-11-17 06:58:00
rapid7blog
rapid7blog
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
2022-11-16 15:00:00
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
2023-02-01 15:57:57
Metasploit Weekly Wrap-Up
2022-11-25 17:14:15
zdt
zdt
F5 Big-IP Create Administrative User Exploit
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery Exploit
2022-11-21 00:00:00
githubexploit
githubexploit
attackerkb
attackerkb
CVE-2022-41800
2022-12-07 00:00:00
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS
0.008
Percentile
81.9%
Related for NVD:CVE-2022-41800