Vulnerability Name:

CVE-2022-41800 (CCN-240239)

Assigned:2022-11-11
Published:2022-11-11
Updated:2022-12-12
Summary:F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in Appliance mode. By sending a specially-crafted request using an iControl REST endpoint, an attacker could exploit this vulnerability to bypass Appliance mode restrictions to cross a security boundary.
CVSS v3 Severity:8.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)
8.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
8.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)
8.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2022-41800

Source: XF
Type: UNKNOWN
f5-cve202241800-sec-bypass(240239)

Source: CCN
Type: Packet Storm Security [11-24-2022]
F5 BIG-IP iControl Remote Command Execution

Source: CCN
Type: Packet Storm Security [02-03-2023]
F5 Big-IP Create Administrative User

Source: CCN
Type: F5 Security Advisory K13325942
Appliance mode iControl REST vulnerability CVE-2022-41800

Source: f5sirt@f5.com
Type: Vendor Advisory
f5sirt@f5.com

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:f5:big-ip:13.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip:14.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:f5:big-ip:15.1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    f5 big-ip 13.1.0
    f5 big-ip 14.1.0
    f5 big-ip 15.1.0