| ID | 1090501626 |
| Created | Dec 15, 2022 |
| Updated | Dec 15, 2022 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | Linux |
| Affected App | Other |
| Engine Version | 5.0.0 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-12-16 | 0.00336 |
Refine Search
Threat Encyclopedia
F5.BIG-IP.iControl.RPM.Creator.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in F5 iControl REST interface.
The vulnerability is due to an insufficient input validation error when the vulnerable module handles a crafted HTTP request. A remote attacker could exploit this to execute arbitrary code within the context of target application, via a crafted HTTP request.
Affected Products
F5 BIG-IP version 17.0.0
F5 BIG-IP version 16.1.0 to version 16.1.3
F5 BIG-IP version 15.1.0 to version 15.1.8
F5 BIG-IP version 14.1.0 to version 14.1.5
F5 BIG-IP version 13.1.0 to version 13.1.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.f5.com/csp/article/K13325942