Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-41622
HistoryDec 07, 2022 - 4:15 a.m.

CVE-2022-41622

2022-12-0704:15:10
CWE-352
[email protected]
web.nvd.nist.gov
8
vulnerability
csrf
icontrol soap
big-ip
big-iq

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.473

Percentile

97.5%

JSON

In all versions,

BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd
Node
f5big-iq_centralized_managementRange8.0.08.2.0
OR
f5big-iq_centralized_managementMatch7.1.0
Node
f5big-ip_advanced_firewall_managerRange13.1.013.1.5
OR
f5big-ip_advanced_firewall_managerRange14.1.014.1.5
OR
f5big-ip_advanced_firewall_managerRange15.1.015.1.8
OR
f5big-ip_advanced_firewall_managerRange16.1.016.1.3
OR
f5big-ip_advanced_firewall_managerMatch17.0.0
Node
f5big-ip_analyticsRange13.1.013.1.5
OR
f5big-ip_analyticsRange14.1.014.1.5
OR
f5big-ip_analyticsRange15.1.015.1.8
OR
f5big-ip_analyticsRange16.1.016.1.3
OR
f5big-ip_analyticsMatch17.0.0
Node
f5big-ip_access_policy_managerRange13.1.013.1.5
OR
f5big-ip_access_policy_managerRange14.1.014.1.5
OR
f5big-ip_access_policy_managerRange15.1.015.1.8
OR
f5big-ip_access_policy_managerRange16.1.016.1.3
OR
f5big-ip_access_policy_managerMatch17.0.0
Node
f5big-ip_application_security_managerRange13.1.013.1.5
OR
f5big-ip_application_security_managerRange14.1.014.1.5
OR
f5big-ip_application_security_managerRange15.1.015.1.8
OR
f5big-ip_application_security_managerRange16.1.016.1.3
OR
f5big-ip_application_security_managerMatch17.0.0
Node
f5big-ip_domain_name_systemRange13.1.013.1.5
OR
f5big-ip_domain_name_systemRange14.1.014.1.5
OR
f5big-ip_domain_name_systemRange15.1.015.1.8
OR
f5big-ip_domain_name_systemRange16.1.016.1.3
OR
f5big-ip_domain_name_systemMatch17.0.0
Node
f5big-ip_fraud_protection_serviceRange13.1.013.1.5
OR
f5big-ip_fraud_protection_serviceRange14.1.014.1.5
OR
f5big-ip_fraud_protection_serviceRange15.1.015.1.8
OR
f5big-ip_fraud_protection_serviceRange16.1.016.1.3
OR
f5big-ip_fraud_protection_serviceMatch17.0.0
Node
f5big-ip_global_traffic_managerRange13.1.013.1.5
OR
f5big-ip_global_traffic_managerRange14.1.014.1.5
OR
f5big-ip_global_traffic_managerRange15.1.015.1.8
OR
f5big-ip_global_traffic_managerRange16.1.016.1.3
OR
f5big-ip_global_traffic_managerMatch17.0.0
Node
f5big-ip_link_controllerRange13.1.013.1.5
OR
f5big-ip_link_controllerRange14.1.014.1.5
OR
f5big-ip_link_controllerRange15.1.015.1.8
OR
f5big-ip_link_controllerRange16.1.016.1.3
OR
f5big-ip_link_controllerMatch17.0.0
Node
f5big-ip_local_traffic_managerRange13.1.013.1.5
OR
f5big-ip_local_traffic_managerRange14.1.014.1.5
OR
f5big-ip_local_traffic_managerRange15.1.015.1.8
OR
f5big-ip_local_traffic_managerRange16.1.016.1.3
OR
f5big-ip_local_traffic_managerMatch17.0.0
Node
f5big-ip_policy_enforcement_managerRange13.1.013.1.5
OR
f5big-ip_policy_enforcement_managerRange14.1.014.1.5
OR
f5big-ip_policy_enforcement_managerRange15.1.015.1.8
OR
f5big-ip_policy_enforcement_managerRange16.1.016.1.3
OR
f5big-ip_policy_enforcement_managerMatch17.0.0
Node
f5big-ip_application_acceleration_managerRange13.1.013.1.5
OR
f5big-ip_application_acceleration_managerRange14.1.014.1.5
OR
f5big-ip_application_acceleration_managerRange15.1.015.1.8
OR
f5big-ip_application_acceleration_managerRange16.1.016.1.3
OR
f5big-ip_application_acceleration_managerMatch17.0.0
VendorProductVersionCPE
f5big-iq_centralized_management*cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
f5big-iq_centralized_management7.1.0cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager17.0.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*
f5big-ip_analytics*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5big-ip_analytics17.0.0cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_access_policy_manager17.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*
f5big-ip_application_security_manager*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5big-ip_application_security_manager17.0.0cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

Related

checkpoint_advisories 1
f5 2
cvelist 1
cve 1
hivepro 1
nessus 1
prion 1
packetstorm 3
metasploit 4
zdt 2
thn 1
rapid7blog 3
attackerkb 1
trellix 2
checkpoint_advisories
checkpoint_advisories
F5 Big-IP Cross-Site Request Forgery (CVE-2022-41622)
2022-11-23 00:00:00
f5
f5
K94221585 : iControl SOAP vulnerability CVE-2022-41622
2022-11-16 00:00:00
K97843387 : Overview of F5 vulnerabilities (November 2022)
2022-11-16 00:00:00
cvelist
cvelist
CVE-2022-41622 iControl SOAP vulnerability
2022-12-07 03:08:06
cve
cve
CVE-2022-41622
2022-12-07 04:15:10
hivepro
hivepro
RCE flaw in F5 BIG-IP and BIG-IQ
2022-11-18 08:42:14
nessus
nessus
F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585)
2022-11-16 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-07 04:15:00
packetstorm
packetstorm
F5 BIG-IP iControl Remote Command Execution
2022-11-24 00:00:00
F5 Big-IP Create Administrative User
2023-02-03 00:00:00
F5 BIG-IP iControl Cross Site Request Forgery
2022-11-21 00:00:00
metasploit
metasploit
F5 BIG-IP iControl CSRF File Write SOAP API
2022-11-16 19:58:15
F5 BIG-IP iControl Authenticated RCE via RPM Creator
2022-11-16 20:04:18
F5 Big-IP Create Admin User
2022-11-16 20:12:16
zdt
zdt
F5 BIG-IP iControl Cross Site Request Forgery Exploit
2022-11-21 00:00:00
F5 Big-IP Create Administrative User Exploit
2023-02-03 00:00:00
thn
thn
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
2022-11-17 06:58:00
rapid7blog
rapid7blog
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
2022-11-16 15:00:00
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
2023-02-01 15:57:57
Metasploit Weekly Wrap-Up
2022-11-25 17:14:15
attackerkb
attackerkb
CVE-2022-41800
2022-12-07 00:00:00
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.473

Percentile

97.5%

JSON
Related for NVD:CVE-2022-41622
checkpoint_advisories1f52cvelist1cve1hivepro1nessus1prion1packetstorm3metasploit4zdt2thn1rapid7blog3attackerkb1trellix2