CVE-2022-41800

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to the fixed version

Description The issue is related to an undisclosed iControl REST endpoint in BIG-IP, allowing an authenticated user with the Administrator role to bypass Appliance mode restrictions when running in Appliance mode. A successful exploit can allow the attacker to cross a security boundary. The vulnerability is also associated with insufficient argument checking in the iControl REST interface, which can be exploited by a remote attacker to bypass existing security restrictions.

Recommendations For BIG-IP, consider disabling access to the undisclosed iControl REST endpoint until a patch is available. As a temporary workaround, restrict the use of the Administrator role to minimize the risk of exploitation. Avoid using the vulnerable iControl REST interface in Appliance mode until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.