Industries

industries

  • Cyber Hub

    Cyber Hub

    Discover the latest threat intelligence

Case Studies

About us

  • We are Adarma

    We are Adarma

    Your partner for effective cyber threat management

  • ESG

    ESG

    Enabling a safer and more sustainable digital future

  • Our Partners

    Our Partners

    Working in partnership to make the world a safer place

Insights

  • Cyber Hub
    globe

    Cyber Hub

    Discover all the latest insights

  • News & Blog
    newspaper

    News & Blog

    Read all the latest news from our experts

  • Cyber Insiders
    microphone

    Cyber Insiders

    Listen to our Cyber Insiders podcast and read the magazine

  • Events
    calendar-dots

    Events

    Connect with our experts

Share:
November 21, 2022

Threat Advisory – CVE-2022-41622 CVE-2022-41800

21 November 2022 Published at 14.00

F5 have confirmed that they are aware of two high severity vulnerabilities impacting BIG-IP & BIG-IQ appliances, that may allow an attacker to gain control of these devices remotely, with full root level privileges.

CVE-2022-41622 relates to a vulnerability that permits cross-site request forgery (CSRF) attacks through the iControl SOAP. This is due to a specific iControl .cgi script set to execute with root level permissions, regardless of whether the requestor is authenticated, allowing Remote Code Execution (RCE) to be performed.

Proof of Concept (PoC) exploits for CVE-2022-41622 are available online, but there are currently no reports of this being exploited in the wild.

CVE-2022-41800 relates to a vulnerability whereby an authenticated & sufficiently privileged user can bypass Application Mode controls utilising an undisclosed iControl REST Endpoint, allowing an attacker to cross security boundaries.

CVE-2022-41622 – Vulnerable Versions

* An engineering hotfix is available for supported versions of BIG-IP.  Customers impacted by this issue can request a hotfix from F5 Support.

CVE-2022-41800 – Vulnerable Versions

* An engineering hotfix is available for supported versions of BIG-IP.  Customers impacted by this issue can request a hotfix from F5 Support.  Customers must also disable Basic Authentication for iControl SOAP.

 

Recommendations

Organisations who have F5 BIG-IP and/or BIG-IQ appliances not currently logging to Splunk should seek to do so at the earliest available opportunity.

Organisations should also contact F5 support to obtain the engineering hotfixes for their appliances.

Organisations who are unable to deploy these engineering hotfixes should follow vendor-recommended mitigations:

 

If you are unsure if your organisation may be affected by this vulnerability please contact the Adarma team on help@adarma.com and one of our experts will be in touch.

 

 

Related Posts

Explore all
Blog
Jul 2025

Scattered Spider Targets Aviation and Insurance: What You Need to Know

Podcast
Jun 2025

Cyber Insiders: The Cyber Impact of Rising Tensions in the Middle East

Threat Advisory
Jun 2025

Threat Advisory: Israel-Iran Conflict Rising Hacktivism and UK Exposure

Contact Us