Details of VAR-202205-0394

ID

VAR-202205-0394

CVE

CVE-2022-1388

TITLE

F5 BIG-IP Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010066

DESCRIPTION

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. F5 BIG-IP is an application delivery platform that integrates functions such as traffic management, DNS, inbound and outbound rules, web application firewall, web gateway, and load balancing. F5 BIG-IP iControl REST authentication bypass vulnerability, the vulnerability is due to the bypass flaw in the identity authentication function of the iControl REST component, resulting in the failure of the authorized access mechanism. Unauthenticated attackers exploit this vulnerability by sending maliciously constructed requests to the BIG-IP server, bypassing authentication, executing arbitrary system commands, creating or deleting files, and disabling services on the target system

Trust: 1.8

sources: NVD: CVE-2022-1388 // JVNDB: JVNDB-2022-010066 // VULHUB: VHN-419501 // VULMON: CVE-2022-1388

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	16.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.4.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-1388
value:	CRITICAL
Trust: 1.8
f5sirt@f5.com:	CVE-2022-1388
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202205-2141
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-419501
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-1388
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2022-1388
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
VULHUB:	VHN-419501
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-010066
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388 // NVD: CVE-2022-1388 // CNNVD: CNNVD-202205-2141

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	Lack of authentication for critical features (CWE-306) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-419501 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

CONFIGURATIONS

sources: NVD: CVE-2022-1388

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-419501

PATCH

title:	K23605346	url:	https://my.f5.com/manage/s/article/k23605346	Trust: 0.8
title:	F5 BIG-IP Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191844	Trust: 0.6
title:	-	url:	https://github.com/trhacknon/f5-cve-2022-1388-exploit	Trust: 0.1
title:	-	url:	https://github.com/revanmalang/cve-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/thatonesecguy/cve-2022-1388-exploit	Trust: 0.1
title:	-	url:	https://github.com/chocapikk/cve-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/iveresk/cve-2022-1388-1veresk	Trust: 0.1
title:	-	url:	https://github.com/devengpk/cve-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/zephrfish/f5-cve-2022-1388-exploit	Trust: 0.1
title:	-	url:	https://github.com/justakazh/cve-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/iveresk/cve-2022-1388-iveresk-command-shell	Trust: 0.1
title:	-	url:	https://github.com/zeyad-azima/cve-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/evillizard666/cve-2022-1388	Trust: 0.1
title:	-	url:	https://github.com/hudi233/cve-2022-1388	Trust: 0.1

sources: VULMON: CVE-2022-1388 // JVNDB: JVNDB-2022-010066 // CNNVD: CNNVD-202205-2141

EXTERNAL IDS

db:	NVD	id:	CVE-2022-1388	Trust: 3.4
db:	PACKETSTORM	id:	167150	Trust: 1.7
db:	PACKETSTORM	id:	167007	Trust: 1.7
db:	PACKETSTORM	id:	167118	Trust: 1.7
db:	JVNDB	id:	JVNDB-2022-010066	Trust: 0.8
db:	EXPLOIT-DB	id:	50932	Trust: 0.7
db:	CS-HELP	id:	SB2022051005	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022050040	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2141	Trust: 0.6
db:	CNVD	id:	CNVD-2022-35519	Trust: 0.1
db:	VULHUB	id:	VHN-419501	Trust: 0.1
db:	VULMON	id:	CVE-2022-1388	Trust: 0.1

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388 // CNNVD: CNNVD-202205-2141

REFERENCES

url:	http://packetstormsecurity.com/files/167007/f5-big-ip-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/167150/f5-big-ip-icontrol-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/167118/f5-big-ip-16.0.x-remote-code-execution.html	Trust: 1.7
url:	https://support.f5.com/csp/article/k23605346	Trust: 1.7
url:	https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1388	Trust: 0.8
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-1388/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022050040	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50932	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051005	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38241	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-icontrol-rest-38284	Trust: 0.6

sources: VULHUB: VHN-419501 // JVNDB: JVNDB-2022-010066 // NVD: CVE-2022-1388 // CNNVD: CNNVD-202205-2141

CREDITS

Alt3kx

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

SOURCES

db:	VULHUB	id:	VHN-419501
db:	VULMON	id:	CVE-2022-1388
db:	JVNDB	id:	JVNDB-2022-010066
db:	NVD	id:	CVE-2022-1388
db:	CNNVD	id:	CNNVD-202205-2141

LAST UPDATE DATE

2023-12-18T12:55:04.996000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419501	date:	2023-01-24T00:00:00
db:	VULMON	id:	CVE-2022-1388	date:	2023-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-010066	date:	2023-08-10T03:10:00
db:	NVD	id:	CVE-2022-1388	date:	2023-11-02T01:54:15.380
db:	CNNVD	id:	CNNVD-202205-2141	date:	2022-05-16T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419501	date:	2022-05-05T00:00:00
db:	VULMON	id:	CVE-2022-1388	date:	2022-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2022-010066	date:	2023-08-10T00:00:00
db:	NVD	id:	CVE-2022-1388	date:	2022-05-05T17:15:10.570
db:	CNNVD	id:	CNNVD-202205-2141	date:	2022-05-04T00:00:00