- 244/2022
- Critical
F5 has released security updates for October 2022 to address several vulnerabilities across multiple products.
The remote attacker could exploit some of these vulnerabilities to take control of the affected system, disclose information, escalate privileges and cause a denial of service.
Samples of the addressed vulnerabilities:
1. F5 BIG-IP Advanced WAF and ASM iControl REST vulnerability (CVE-2022-41617):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. F5 BIG-IP iRules vulnerability (CVE-2022-41624):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
The list of vulnerabilities can be found in the following link:
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.