CVE-2022-35243

Name of the Vulnerable Software and Affected Versions BIG-IP versions 13.1.x BIG-IP versions 14.1.x through 14.1.4 BIG-IP versions 15.1.x through 15.1.5 BIG-IP versions 16.1.x through 16.1.2

Description An authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.

Recommendations For BIG-IP version 13.1.x, there is no information about a newer version that contains a fix for this issue. For BIG-IP versions 14.1.x through 14.1.4, update to version 14.1.5 or later. For BIG-IP versions 15.1.x through 15.1.5, update to version 15.1.5.1 or later. For BIG-IP versions 16.1.x through 16.1.2, update to version 16.1.3 or later. As a temporary workaround, consider restricting access to the undisclosed iControl REST endpoint until a patch is available.