Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-41800: Command Injection in F5 BIG-IP Application Security Manager

CWE-77: Command Injection (6 documents, 6 sources)
Severity: 8.7 HIGH (NVD)
EPSS: 92.7% (top 0.25%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 7

Description

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Exploitability: 2.3 | Impact: 5.8

Affected Packages (12 packages)

NVD | f5/big-ip_analytics | 13.1.0 | 13.1.5 | +4
NVD | f5/big-ip_link_controller | 13.1.0 | 13.1.5 | +4
NVD | f5/big-ip_domain_name_system | 13.1.0 | 13.1.5 | +4
NVD | f5/big-ip_access_policy_manager | 13.1.0 | 13.1.5 | +4

🔴 Vulnerability Details (3)

CVEList: Appliance mode iControl REST vulnerability (2022-12-07)
GHSA: GHSA-cqcj-7vqr-p254: In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode (2022-12-07)
VulnCheck: F5 big-ip_access_policy_manager Improper Neutralization of Special Elements used in a Command ('Command Injection') (2022)

💥 Exploits & PoCs (1)

Nuclei: F5 BIG-IP Appliance Mode - Command Injection

📋 Vendor Advisories (1)

F5: CVE-2022-41800: In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may ... (2022-12-07)
CVE-2022-41800 — Command Injection in F5 | cvebase