F5 fixed 2 high-severity Remote Code Execution bugs in its products

The Appliance mode iControl REST contains the CVE-2022-41800 authenticated remote code execution through RPM spec injection vulnerability. An authenticated user with appropriate user credentials assigned to the Administrator role can ignore restrictions in Appliance mode.

Users who are authenticated with iControl SOAP’s basic authentication and have at least the resource administrator role privilege may be duped into taking important actions by an attacker. Only the control plane, not the data plane, can be used by an attacker to take advantage of this vulnerability. The vulnerability has the potential to compromise the entire system if it is used.

F5 fixed 2 high-severity Remote Code Execution bugs in its products

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

F5 fixed 2 high-severity Remote Code Execution bugs in its products

16-Nov-22

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address