Remote Code Execution Vulnerability in F5 Products
Indian Computer Emergency Response Team (cert-in.org.in)
Severity Rating: HIGH
Software Affected
F5 BIG-IP (all modules) versions 17.0.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.8, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5
Overview
A vulnerability has been reported in F5 Products which could allow a remote attacker to execute arbitrary code on the targeted system.
Description
This vulnerability exists in F5 Products due to improper validation of user-supplied input and a flaw when running in Appliance mode. A remote attacker could exploit this vulnerability by sending a specially-crafted request using an iControl REST endpoint.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.
Solution
Apply the appropriate upgrade as mentioned in the security advisory.
Vendor Information
F5 Products
References
F5 Products
CVE Name
CVE-2022-41622
CVE-2022-41800