CNVD (China National Vulnerability Database): CNVD-2022-35519
History: May 07, 2022 - 12:00 a.m.

F5 BIG-IP iControl REST Authentication Bypass Vulnerability

2022-05-07 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

F5 BIG-IP is an application delivery platform from F5 (USA) that integrates traffic management, DNS, inbound and outbound rules, web application firewall, web gateway, load balancing, and other functions. The F5 BIG-IP iControl REST authentication bypass vulnerability stems from a bypass flaw in the authentication function of the iControl REST component, which causes the authorization mechanism to fail. An unauthenticated attacker can exploit this vulnerability to bypass authentication by sending a maliciously crafted request to the BIG-IP server, and can then execute arbitrary system commands on the target system, create or delete files, disable services, and perform other operations.
