CVE-2022-41800

HIGH EXPLOITED NUCLEI

BIG-IP - Auth Bypass

Title source: llm

Description

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Exploits (2)

vulncheck_xdb WORKING POC
remote
https://github.com/j-baines/tippa-my-tongue
metasploit WORKING POC EXCELLENT
by Ron Bowes · ruby poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_icontrol_rpmspec_rce_cve_2022_41800.rb

Nuclei Templates (1)

F5 BIG-IP Appliance Mode - Command Injection
HIGH VERIFIED by dwisiswant0
Shodan: http.title:"big-ip®-+redirect" +"server" || http.html:"big-ip apm"
FOFA: body="big-ip apm" || title="big-ip®-+redirect" +"server"

Scores

CVSS v3 8.7
EPSS 0.9268
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Details

VulnCheck KEV 2023-12-13
CWE CWE-77
Status published
Products (21)
f5/big-ip_access_policy_manager 17.0.0
f5/big-ip_access_policy_manager 13.1.0 - 13.1.5
f5/big-ip_advanced_firewall_manager 13.1.0 - 17.0.0
f5/big-ip_analytics 17.0.0
f5/big-ip_analytics 13.1.0 - 13.1.5
f5/big-ip_application_acceleration_manager 17.0.0
f5/big-ip_application_acceleration_manager 13.1.0 - 13.1.5
f5/big-ip_application_security_manager 17.0.0
f5/big-ip_application_security_manager 13.1.0 - 13.1.5
f5/big-ip_domain_name_system 17.0.0
... and 11 more
Published Dec 07, 2022
Tracked Since Feb 18, 2026