Lucene search

K
f5F5F5:K59904248
HistoryMay 04, 2022 - 12:00 a.m.

K59904248 : iControl SOAP vulnerability CVE-2022-29474

2022-05-0400:00:00
my.f5.com
83
icontrol soap
vulnerability
directory traversal
authenticated attacker
guest role privileges
wsdl files
big-ip
file system
exploit security issue

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

26.9%

Security Advisory Description

A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. (CVE-2022-29474)

Impact

An authenticated attacker with at least guest role privileges may exploit this vulnerability by sending a crafted request to iControl SOAP. If the exploit is successful, an attacker can read wsdl files in the BIG-IP file system. There is no data plane exposure; this is a control plane issue only.

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

26.9%