CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
F5, the maintainer of BIG-IP and BIG-IQ, has released patches for this issue. If you run an affected version, installing the patch is mandatory.
Vulnerability     Severity Rating   CVSS v3 Base Score   Exploitation Risk     Impact
CVE-2022-41622    High              7.5                  Exploitation likely   Remote Code Execution
CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Note: UI:R (user interaction required) is inherent to a CSRF, because an authenticated administrator's browser has to load the attacker's page. The vector above (PR:L, UI:R) computes to a base score of 8.0, not 7.5, and NVD rates this CVE 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); use the higher figure when prioritizing.
Some devices cannot take the software patch. A device that cannot be patched is still exploitable; in that case you must upgrade it to a supported version that contains the fix.
Affects: BIG-IP and BIG-IQ (the iControl SOAP interface).
Fixed in BIG-IP version 10.1.0-hf2 and BIG-IQ version 2.5, according to this page; verify the fixed builds against the F5 security advisory before relying on these version numbers. Devices that cannot take the patch remain exploitable and must be upgraded to a version that contains the fix.
References:
-NVD entry for CVE-2022-41622: https://nvd.nist.gov/vuln/detail/CVE-2022-41622
-BIG-IP and BIG-IQ release notes: https://support.f5.com/kb/en-us/solutions/public/15000867
This vulnerability is in the iControl SOAP interface of F5 BIG-IP and BIG-IQ. It is not a Cisco IOS or IOS XE Software issue, and Cisco Catalyst, ASA and Firepower appliances are not affected by CVE-2022-41622. Affected products:
-F5 BIG-IP (iControl SOAP)
-F5 BIG-IQ
To resolve this vulnerability, install the appropriate software patch or upgrade to a version that contains the fix. Until the patch is in place, restrict access to the management interface and the iControl SOAP endpoint to trusted networks and administrators: the CSRF needs an authenticated administrator's browser to reach the endpoint, so administrators should not browse untrusted sites while logged in to the device.
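A CSRF through iControl SOAP leaves a recognisable trace in the web-server access log: an authenticated POST to the SOAP endpoint whose Referer points at a foreign origin. The triage script below is an added example written for this page (not from the advisory or from F5); it scans such log lines for that pattern. The log format (Apache "combined" with the virtual host prepended), the endpoint path /iControl/iControlPortal.cgi and the sample lines are constructed assumptions, so adjust them to what your appliance actually writes.

```python
import re
from urllib.parse import urlsplit

# Assumed path of the iControl SOAP portal on BIG-IP; adjust if your build differs.
ICONTROL_SOAP_PATH = "/iControl/iControlPortal.cgi"

# Assumed log format: Apache "combined" with the virtual host (%v) prepended:
#   host client ident user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
_LINE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one legitimate SOAP call from the device's own UI,
# one SOAP call referred from a lure page (the CSRF pattern), one unauthenticated
# API client with no Referer, and one unrelated GET.
SAMPLE_LOG = """\
bigip.example.net 203.0.113.10 - admin [07/Dec/2022:10:15:01 +0000] "POST /iControl/iControlPortal.cgi HTTP/1.1" 200 812 "https://bigip.example.net/tmui/" "Mozilla/5.0"
bigip.example.net 203.0.113.10 - admin [07/Dec/2022:10:16:44 +0000] "POST /iControl/iControlPortal.cgi HTTP/1.1" 200 812 "https://lure.example.org/win-a-prize.html" "Mozilla/5.0"
bigip.example.net 198.51.100.7 - - [07/Dec/2022:10:17:02 +0000] "POST /iControl/iControlPortal.cgi HTTP/1.1" 401 0 "-" "python-requests/2.28"
bigip.example.net 203.0.113.10 - admin [07/Dec/2022:10:18:30 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4096 "https://lure.example.org/" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = _LINE.match(line)
    return m.groupdict() if m else None


def referer_host(referer: str):
    """Hostname of the Referer, or None when the browser sent none ('-' or empty)."""
    if referer in ("", "-"):
        return None
    return (urlsplit(referer).hostname or "").lower()


def find_cross_origin_soap_posts(log_text: str) -> list:
    """Flag POSTs to the SOAP endpoint whose Referer host differs from the served host."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["path"].lower().startswith(ICONTROL_SOAP_PATH.lower()):
            continue
        ref_host = referer_host(rec["referer"])
        if ref_host is None or ref_host == rec["host"].lower():
            continue  # same-origin, or no Referer to judge by
        findings.append({
            "line": lineno,
            "time": rec["time"],
            "client": rec["client"],
            "user": rec["user"],             # an authenticated user + 200 means the request went through
            "status": int(rec["status"]),
            "referer_host": ref_host,
        })
    return findings


if __name__ == "__main__":
    for f in find_cross_origin_soap_posts(SAMPLE_LOG):
        print(f"line {f['line']}: {f['user']}@{f['client']} POST from {f['referer_host']} -> HTTP {f['status']}")
```

Two caveats for real use: a missing Referer is not evidence of legitimacy, since browsers omit it under a strict Referrer-Policy, so treat the third sample line as unclassified rather than clean; and an Origin header would be the stronger signal for a cross-site POST, but the combined log format does not record it, so add it to the log format if you want that check.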
Timeline
Published on: 12/07/2022 04:15:00 UTC
Last modified on: 12/08/2022 20:14:00 UTC