Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems.
Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The issues impact BIG-IP versions 13.x, 14.x, 15.x, 16.x, and 17.x, and BIG-IQ Centralized Management versions 7.x and 8.x.
The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows –
- CVE-2022-41622 (CVSS score: 8.8) – A cross-site request forgery (CSRF) vulnerability through iControl SOAP, leading to unauthenticated remote code execution.
- CVE-2022-41800 (CVSS score: 8.7) – An iControl REST vulnerability that could allow an authenticated user with an Administrator role to bypass Appliance mode restrictions.
images from Hacker News