CVE-2022-41800 - F5 BIG-IP Access Policy Manager, F5 BIG-IP Domain Name System and F5 BIG-IP Link Controller
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected software
F5 BIG-IP Access Policy Manager
F5 BIG-IP Domain Name System
F5 BIG-IP Link Controller
F5 BIG-IP Policy Enforcement Manager
F5 BIG-IP Advanced Firewall Manager
F5 BIG-IP Global Traffic Manager
F5 BIG-IP Local Traffic Manager
F5 BIG-IP Application Security Manager
F5 BIG-IP Fraud Protection Service
F5 BIG-IP Application Acceleration Manager
F5 BIG-IP Analytics