CVE-2024-22093

CWE-77 — Command Injection4 documents4 sources

Severity

8.7HIGH

EPSS

0.3%

top 44.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +10 more

Timeline

PublishedFeb 14

Description

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:NExploitability: 2.3 | Impact: 5.8

Affected Packages13 packages

▶NVDf5/big-ip_application_security_manager15.1.0 — 15.1.9+2

▶CVEListV5f5/big-ip17.1.0 — 17.1.1+2

▶NVDf5/big-ip_analytics15.1.0 — 15.1.9+2

▶NVDf5/big-ip_link_controller15.1.0 — 15.1.9+2

▶NVDf5/big-ip_domain_name_system15.1.0 — 15.1.9+2

🔴Vulnerability Details

CVEList

Appliance mode iControl REST vulnerability↗2024-02-14

▶

GHSA

GHSA-4x3g-wfmq-27q5: When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-blade↗2024-02-14

▶

📋Vendor Advisories

CVE-2024-22093: When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iCon...↗2024-02-14

▶

External resources

NVD MITRE

Affected products13

F5 Big-ip≥ 17.1.0, < 17.1.1≥ 16.1.0, < 16.1.4≥ 15.1.0, < 15.1.9

F5 Big-ip Access Policy Manager≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Advanced Firewall Manager≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Analytics≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Application Acceleration Manager≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Application Security Manager≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Domain Name System≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Fraud Protection Service≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Global Traffic Manager≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

F5 Big-ip Link Controller≥ 15.1.0, < 15.1.9≥ 16.1.0, < 16.1.4v17.1.0

Disclosure

PublishedFeb 14, 2024