In the statement made by F5, it was stated that the security vulnerabilities detected were found in the representative state transfer (REST) interface for the iControl framework used to communicate between F5 devices and users.
The identified security vulnerabilities are:
The vulnerability, code CVE-2022-41622, is caused by cross-site request forgery (CSRF) that affects BIG-IP and BIG-IQ products, allowing threat actors to gain root access to a device’s management interface.
The vulnerability code CVE-2022-41800 allows a threat actor with administrative privileges to execute code remotely on vulnerable systems via an RPM file.
BIG-IP product versions affected by these security vulnerabilities are as follows;
- 1.0 – 16.1.2
- 1.0 – 15.1.5
- 1.0 – 14.1.4
- 1.0 – 13.1.4
- 1.0 – 12.1.6
- 6.1 – 11.6.5
[/vc_column_text][vc_empty_space height=”10px”][vc_single_image image=”16903″ img_size=”full” add_caption=”yes” alignment=”center”][vc_empty_space height=”10px”][vc_column_text]Stating that they will not release updates for 11. x (11.6.1 – 11.6.5) and 12. x (12.1.0 – 12.1.6) versions, F5 said that there is no information that security vulnerabilities have been exploited yet and that existing updates will be included in future versions as soon as possible and announced that it will. In order not to be the target of target-oriented attacks that can be carried out by using the vulnerability of the users, it is recommended that the published updates be implemented immediately.[/vc_column_text][vc_empty_space][/vc_column][/vc_row]
