K000137522: BIG-IP iControl REST vulnerability CVE-2024-22093
Security Advisory Description When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. CVE-2024-22093 Impact This...
K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389
Security Advisory Description When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. CVE-2024-22389 Impact This vulnerability may allow a high privileged remote authenticated attacker to use deleted or updated API...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in the F5 BIG-IP that stems from a remote command injection vulnerability in the iControl REST endpoint on a...
PT-2024-19382 · F5 · Big-Ip
The affected software is BIG-IP, specifically when deployed in high availability (HA) mode. The issue arises when an iControl REST API token is updated, and this change is not synchronized with the peer device. An exploit for this issue is available. The BIG-IP software is affected when deployed in...
PT-2024-19202 · Icontrol · Icontrol
The issue is related to an authenticated remote command injection in an undisclosed iControl REST endpoint on multi-bladed systems when running in appliance mode. A successful exploit can allow the attacker to cross a security boundary. The affected software is iControl, but the specific versions...
F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K000137522)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137522 advisory. - When running in appliance mode, an authenticated remote command injection vulnerability exists in an...
F5 Networks BIG-IP : BIG-IP iControl REST API vulnerability (K32544615)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K32544615 advisory. When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does no...
VulnCheck KEV: CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note:...
The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP allows a perpetrator to execute arbitrary code.
The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP involves the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
F5 Networks BIG-IP : iControl REST vulnerability (K20059815)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0.2 / 14.1.2.8 / 14.1.3 / 15.0.0. It is, therefore, affected by a vulnerability as referenced in the K20059815 advisory. - In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed...
F5 Networks BIG-IP : iControl SOAP vulnerability (K53854428)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K53854428 advisory. BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through...
F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Not...
F5 BIG-IP iControl Security Bypass Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A security bypass vulnerability exists in F5 BIG-IP iControl, which can be exploited by an attacker to allow a...
CVE-2023-42768
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...
CVE-2023-42768 BIG-IP iControl REST vulnerability
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...
CVE-2023-42768
CVE-2023-42768 affects BIG-IP iControl REST privilege escalation. A non-admin user temporarily granted admin rights via iControl REST PUT can retain access to admin resources after reverting role, enabling control-plane access. According to F5 advisory K26910459, fixes are available: BIG-IP (all ...
K26910459: BIG-IP iControl REST vulnerability CVE-2023-42768
Security Advisory Description When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still access the iContro...
F5 BIG-IP Code Issue Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A security bypass vulnerability exists in F5 BIG-IP iControl, which can be exploited by an attacker to allow a...
PT-2023-28578 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: The issue occurs when a non-admin user is assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration...