- Home
- Alerts & Advisories
- Alerts
- Critical Vulnerability in BIG-IP iControl REST
Critical Vulnerability in BIG-IP iControl REST
5 May 2022
F5 has released security updates for the BIG-IP Application Delivery Controller, addressing multiple vulnerabilities including a critical vulnerability (CVE-2022-1388). The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10 and affects the iControl REST component.
Successful exploitation of the vulnerability could allow an unauthenticated attacker with network access on an affected BIG-IP system to execute arbitrary system commands, create or delete files, or disable services.
The following BIG-IP product versions are affected:
16.1.0 - 16.1.2
15.1.0 - 15.1.5
14.1.0 - 14.1.4
13.1.0 - 13.1.4
12.1.0 - 12.1.6
11.6.1 - 11.6.5
Administrators of the affected versions are advised to upgrade to the latest product versions immediately.
More information is available here: