vulnerability

F5 Networks: CVE-2022-41617: K11830089: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Oct 19, 2022	Jul 31, 2024	Apr 1, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Oct 19, 2022

Added

Jul 31, 2024

Modified

Apr 1, 2026

Description

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

Solution

f5-big-ip-upgrade-latest

References

CVE-2022-41617
https://attackerkb.com/topics/CVE-2022-41617
CWE-77
EUVD-EUVD-2022-44808
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-44808
https://my.f5.com/manage/s/article/K11830089

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report