Vulnerability Details : CVE-2022-41800
Public exploit exists!
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Products affected by CVE-2022-41800
- F5 » Big-ip Local Traffic ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic ManagerVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic ManagerVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic ManagerVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic ManagerVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic ManagerVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic ManagerVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Security ManagerVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security ManagerVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security ManagerVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy ManagerVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy ManagerVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy ManagerVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration ManagerVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration ManagerVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration ManagerVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 17.0.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement ManagerVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement ManagerVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement ManagerVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement ManagerVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name SystemVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name SystemVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name SystemVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- F5 » Big-ip Domain Name SystemVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection ServiceVersions from including (>=) 16.1.0 and up to, including, (<=) 16.1.3cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection ServiceVersions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection ServiceVersions from including (>=) 15.1.0 and up to, including, (<=) 15.1.8cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- F5 » Big-ip Fraud Protection ServiceVersions from including (>=) 14.1.0 and up to, including, (<=) 14.1.5cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41800
92.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-41800
-
F5 BIG-IP iControl Authenticated RCE via RPM Creator
Disclosure Date: 2022-11-16First seen: 2022-12-23exploit/linux/http/f5_icontrol_rpmspec_rce_cve_2022_41800This module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user. Authors: - Ron Bowes
CVSS scores for CVE-2022-41800
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
2.3
|
5.8
|
F5 Networks | |
|
8.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
2.3
|
5.8
|
NIST |
CWE ids for CVE-2022-41800
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by:
- f5sirt@f5.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-41800
-
https://support.f5.com/csp/article/K13325942
Appliance mode iControl REST vulnerability CVE-2022-41800Vendor Advisory
Jump to