CVE-2022-35728

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 13.1.x F5 BIG-IP versions 14.1.x through 14.1.5.0 F5 BIG-IP versions 15.1.x through 15.1.6.0 F5 BIG-IP versions 16.1.x through 16.1.3.0 F5 BIG-IP versions 17.0.x through 17.0.0.0 F5 BIG-IQ versions 7.x F5 BIG-IQ versions 8.x through 8.1.x

Description The issue is related to the iControl REST API interface of the BIG-IP application security tools, which is associated with an incorrect session expiration time. This may allow a remote attacker to execute arbitrary commands, disable arbitrary services, create or delete arbitrary files.

Recommendations For F5 BIG-IP versions 13.1.x, update to a version that is still supported and has the issue resolved. For F5 BIG-IP versions 14.1.x through 14.1.5.0, update to version 14.1.5.1 or later. For F5 BIG-IP versions 15.1.x through 15.1.6.0, update to version 15.1.6.1 or later. For F5 BIG-IP versions 16.1.x through 16.1.3.0, update to version 16.1.3.1 or later. For F5 BIG-IP versions 17.0.x through 17.0.0.0, update to version 17.0.0.1 or later. For F5 BIG-IQ versions 7.x, consider upgrading to a supported version. For F5 BIG-IQ versions 8.x through 8.1.x, update to version 8.2.0 or later.