CVE-2022-1388

Question

roductBranchVersions known to be vulnerable1Fixes introduced inSeverityCVSSv3 score2Vulnerable component or featureBIG-IP (all modules)17.xNone17.0.0Critical9.8iControl REST16.x16.1.0 - 16.1.216.1.2.215.x15.1.0 - 15.1.515.1.5.114.x14.1.0 - 14.1.414.1.4.613.x13.1.0 - 13.1.413.1.512.x12.1.0 - 12.1.6Will not fix11.x11.6.1 - 11.6.5Will not fixso if I'm running 14.1.2.1 , I'm effcted of this vulnerability?&nbsp;

nmb-askf5 · Accepted Answer

Eveything from 14.1.0 to 14.1.4.x is vulnerable, up until 14.1.4.6, where the CVE has been fixed for the 14.1.x branch.&nbsp;
You can also simply upload a QKView to iHealth.&nbsp;&nbsp;
K27404821: Using F5 iHealth to diagnose vulnerabilities
AskF5 YouTube:&nbsp;Reviewing BIG-IP iHealth Diagnostics to determine potential system vulnerabilities
&nbsp;

&nbsp;

lidev · Answer

Hi,have you check the K article below ?  K51812227: Understanding security advisory versioning&nbsp;

the_blue · Answer

thank you, i will check.

kendall_brennei · Answer

K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388

&nbsp;

rutheaster · Answer

Thanks, I will also check those articles.

Forum Discussion

CVE-2022-1388

K27404821: Using F5 iHealth to diagnose vulnerabilities

AskF5 YouTube: Reviewing BIG-IP iHealth Diagnostics to determine potential system vulnerabilities

5 Replies

K27404821: Using F5 iHealth to diagnose vulnerabilities

AskF5 YouTube: Reviewing BIG-IP iHealth Diagnostics to determine potential system vulnerabilities

K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

CVE-2022-1388 and 4000s

F5 Labs Publishes October Update to Sensor Intel Series

Top exploited vulnerabilities of 2022 and more - This Week in Security - Dec 26th to Dec 30th

Apple's New Rule & Google PlayStore Bypass -July 29th-4th Aug, 2023 - F5 SIRT-This Week in Security

A long week of breaches - Jan 7th - 13th, 2023, F5 SIRT - This Week in Security

roduct	Branch	Versions known to be vulnerable1	Fixes introduced in	Severity	CVSSv3 score2	Vulnerable component or feature
BIG-IP (all modules)	17.x	None	17.0.0	Critical	9.8	iControl REST
16.x	16.1.0 - 16.1.2	16.1.2.2
15.x	15.1.0 - 15.1.5	15.1.5.1
14.x	14.1.0 - 14.1.4	14.1.4.6
13.x	13.1.0 - 13.1.4	13.1.5
12.x	12.1.0 - 12.1.6	Will not fix
11.x	11.6.1 - 11.6.5	Will not fix