F5 BIG-IP iControl REST Session Expiration Time Insufficient Vulnerability Vulnerability

2022-08-0300:00:00

China National Vulnerability Database

www.cnvd.org.cn

0.002 Low

EPSS

Percentile

58.4%

JSON

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A session expiration time insufficient vulnerability exists in F5 BIG-IP iControl REST, which stems from the fact that after logging out from the configuration utility, an authenticated user’s iControl REST token may An attacker could exploit this vulnerability to reuse an authenticated user’s iControl REST token generated from the configuration utility for a limited period of time and access it through the management port and/or its own IP address to execute arbitrary system commands, create or delete files, or disable services.

CPENameOperatorVersion
F5 BIG-IP (all modules) >=7.0.0，<=7.eq1.0.3
F5 BIG-IP (all modules) >=8.0.0，<=8.eq1.0.2
F5 Networks BIG-IQ >=13.1.0.0，le13.1.5
F5 Networks BIG-IQ >=14.1.0，le14.1.5
F5 Networks BIG-IQ >=15.1.0，le15.1.5
F5 Networks BIG-IQ >=16.1.0，le16.1.3
F5 Networks BIG-IQeq17.0.0

Name	Operator	Version
F5 BIG-IP (all modules) >=7.0.0，<=7.	eq	1.0.3
F5 BIG-IP (all modules) >=8.0.0，<=8.	eq	1.0.2
F5 Networks BIG-IQ >=13.1.0.0，	le	13.1.5
F5 Networks BIG-IQ >=14.1.0，	le	14.1.5
F5 Networks BIG-IQ >=15.1.0，	le	15.1.5
F5 Networks BIG-IQ >=16.1.0，	le	16.1.3
F5 Networks BIG-IQ	eq	17.0.0

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for CNVD-2022-55187