Details of VAR-202205-0394

ID

VAR-202205-0394

CVE

CVE-2022-1388

TITLE

F5 BIG-IP Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010066

DESCRIPTION

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. F5 BIG-IP is an application delivery platform that integrates functions such as traffic management, DNS, inbound and outbound rules, web application firewall, web gateway, and load balancing. F5 BIG-IP iControl REST authentication bypass vulnerability, the vulnerability is due to the bypass flaw in the identity authentication function of the iControl REST component, resulting in the failure of the authorized access mechanism. Unauthenticated attackers exploit this vulnerability by sending maliciously constructed requests to the BIG-IP server, bypassing authentication, executing arbitrary system commands, creating or deleting files, and disabling services on the target system

Trust: 1.8

sources: NVD: CVE-2022-1388 // JVNDB: JVNDB-2022-010066 // VULHUB: VHN-419501 // VULMON: CVE-2022-1388

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-1388
value:	CRITICAL
Trust: 1.0
f5sirt@f5.com:	CVE-2022-1388
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-1388
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202205-2141
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-419501
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-1388
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-1388
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-419501
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-1388
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-010066
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388 // NVD: CVE-2022-1388

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	Lack of authentication for critical features (CWE-306) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-419501 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-419501

PATCH

title:	K23605346	url:	https://my.f5.com/manage/s/article/K23605346	Trust: 0.8
title:	F5 BIG-IP Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191844	Trust: 0.6
title:	-	url:	https://github.com/trhacknon/F5-CVE-2022-1388-Exploit	Trust: 0.1
title:	-	url:	https://github.com/revanmalang/CVE-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/thatonesecguy/CVE-2022-1388-Exploit	Trust: 0.1
title:	-	url:	https://github.com/Chocapikk/CVE-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/iveresk/cve-2022-1388-1veresk	Trust: 0.1
title:	-	url:	https://github.com/devengpk/CVE-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit	Trust: 0.1
title:	-	url:	https://github.com/justakazh/CVE-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/iveresk/cve-2022-1388-iveresk-command-shell	Trust: 0.1
title:	-	url:	https://github.com/Zeyad-Azima/CVE-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/EvilLizard666/CVE-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/Hudi233/CVE-2022-1388	Trust: 0.1

sources: VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141 // JVNDB: JVNDB-2022-010066

EXTERNAL IDS

db:	NVD	id:	CVE-2022-1388	Trust: 3.4
db:	PACKETSTORM	id:	167150	Trust: 1.7
db:	PACKETSTORM	id:	167007	Trust: 1.7
db:	PACKETSTORM	id:	167118	Trust: 1.7
db:	JVNDB	id:	JVNDB-2022-010066	Trust: 0.8
db:	EXPLOIT-DB	id:	50932	Trust: 0.7
db:	CS-HELP	id:	SB2022051005	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022050040	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2141	Trust: 0.6
db:	CNVD	id:	CNVD-2022-35519	Trust: 0.1
db:	VULHUB	id:	VHN-419501	Trust: 0.1
db:	VULMON	id:	CVE-2022-1388	Trust: 0.1

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388

REFERENCES

url:	http://packetstormsecurity.com/files/167007/f5-big-ip-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/167150/f5-big-ip-icontrol-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/167118/f5-big-ip-16.0.x-remote-code-execution.html	Trust: 1.7
url:	https://support.f5.com/csp/article/k23605346	Trust: 1.7
url:	https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/	Trust: 1.0
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-1388	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1388	Trust: 0.8
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-1388/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022050040	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50932	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051005	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38241	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-icontrol-rest-38284	Trust: 0.6

sources: VULHUB: VHN-419501 // CNNVD: CNNVD-202205-2141 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388

CREDITS

Alt3kx

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

SOURCES

db:	VULHUB	id:	VHN-419501
db:	VULMON	id:	CVE-2022-1388
db:	CNNVD	id:	CNNVD-202205-2141
db:	JVNDB	id:	JVNDB-2022-010066
db:	NVD	id:	CVE-2022-1388

LAST UPDATE DATE

2025-11-18T15:28:35.748000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419501	date:	2023-01-24T00:00:00
db:	VULMON	id:	CVE-2022-1388	date:	2023-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202205-2141	date:	2022-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-010066	date:	2023-08-10T03:10:00
db:	NVD	id:	CVE-2022-1388	date:	2025-10-27T17:06:48.893

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419501	date:	2022-05-05T00:00:00
db:	VULMON	id:	CVE-2022-1388	date:	2022-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202205-2141	date:	2022-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-010066	date:	2023-08-10T00:00:00
db:	NVD	id:	CVE-2022-1388	date:	2022-05-05T17:15:10.570