What is the severity of CVE-2022-1388?

CVE-2022-1388 is classified as a critical vulnerability with a high risk of remote code execution, allowing attackers to manipulate files and disable services.

How do I fix CVE-2022-1388?

To remediate CVE-2022-1388, you should upgrade F5 BIG-IP software to the versions specified in the security advisory, specifically 16.1.2.2 or later for 16.1.x, 15.1.5.1 or later for 15.1.x, and so on.

What are the affected versions of F5 BIG-IP related to CVE-2022-1388?

CVE-2022-1388 affects several F5 BIG-IP versions, including 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.5.1, and 14.1.x versions prior to specified versions.

Can CVE-2022-1388 be exploited by unauthenticated users?

Yes, CVE-2022-1388 can be exploited by unauthenticated users, enabling remote code execution without requiring valid credentials.

What are the potential impacts of CVE-2022-1388?

The vulnerability CVE-2022-1388 can lead to severe consequences such as remote code execution, unauthorized file manipulation, and service disruptions.

Vulnerability/
CVE-2022-1388

Exploited

critical

9.8

CWE

306

5/5/2022

29/1/2025

CVE-2022-1388: F5 BIG-IP Missing Authentication Vulnerability

First published: Thu May 05 2022(Updated: )

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.

Credit: f5sirt@f5.com f5sirt@f5.com f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP
F5 BIG-IP Access Policy Manager	>=11.6.1<=11.6.5
F5 BIG-IP Access Policy Manager	>=12.1.0<=12.1.6
F5 BIG-IP Access Policy Manager	>=13.1.0<13.1.5
F5 BIG-IP Access Policy Manager	>=14.1.0<14.1.4.6
F5 BIG-IP Access Policy Manager	>=15.1.0<15.1.5.1
F5 BIG-IP Access Policy Manager	>=16.1.0<16.1.2.2
F5 BIG-IP Advanced Firewall Manager	>=11.6.1<=11.6.5
F5 BIG-IP Advanced Firewall Manager	>=12.1.0<=12.1.6
F5 BIG-IP Advanced Firewall Manager	>=13.1.0<13.1.5
F5 BIG-IP Advanced Firewall Manager	>=14.1.0<14.1.4.6
F5 BIG-IP Advanced Firewall Manager	>=15.1.0<15.1.5.1
F5 BIG-IP Advanced Firewall Manager	>=16.1.0<16.1.2.2
F5 BIG-IP Analytics	>=11.6.1<=11.6.5
F5 BIG-IP Analytics	>=12.1.0<=12.1.6
F5 BIG-IP Analytics	>=13.1.0<13.1.5
F5 BIG-IP Analytics	>=14.1.0<14.1.4.6
F5 BIG-IP Analytics	>=15.1.0<15.1.5.1
F5 BIG-IP Analytics	>=16.1.0<16.1.2.2
f5 big-ip application acceleration manager	>=11.6.1<=11.6.5
f5 big-ip application acceleration manager	>=12.1.0<=12.1.6
f5 big-ip application acceleration manager	>=13.1.0<13.1.5
f5 big-ip application acceleration manager	>=14.1.0<14.1.4.6
f5 big-ip application acceleration manager	>=15.1.0<15.1.5.1
f5 big-ip application acceleration manager	>=16.1.0<16.1.2.2
F5 BIG-IP Application Security Manager	>=11.6.1<=11.6.5
F5 BIG-IP Application Security Manager	>=12.1.0<=12.1.6
F5 BIG-IP Application Security Manager	>=13.1.0<13.1.5
F5 BIG-IP Application Security Manager	>=14.1.0<14.1.4.6
F5 BIG-IP Application Security Manager	>=15.1.0<15.1.5.1
F5 BIG-IP Application Security Manager	>=16.1.0<16.1.2.2
f5 big-ip domain name system	>=11.6.1<=11.6.5
f5 big-ip domain name system	>=12.1.0<=12.1.6
f5 big-ip domain name system	>=13.1.0<13.1.5
f5 big-ip domain name system	>=14.1.0<14.1.4.6
f5 big-ip domain name system	>=15.1.0<15.1.5.1
f5 big-ip domain name system	>=16.1.0<16.1.2.2
f5 big-ip fraud protection service	>=11.6.1<=11.6.5
f5 big-ip fraud protection service	>=12.1.0<=12.1.6
f5 big-ip fraud protection service	>=13.1.0<13.1.5
f5 big-ip fraud protection service	>=14.1.0<14.1.4.6
f5 big-ip fraud protection service	>=15.1.0<15.1.5.1
f5 big-ip fraud protection service	>=16.1.0<16.1.2.2
F5 BIG-IP Global Traffic Manager	>=11.6.1<=11.6.5
F5 BIG-IP Global Traffic Manager	>=12.1.0<=12.1.6
F5 BIG-IP Global Traffic Manager	>=13.1.0<13.1.5
F5 BIG-IP Global Traffic Manager	>=14.1.0<14.1.4.6
F5 BIG-IP Global Traffic Manager	>=15.1.0<15.1.5.1
F5 BIG-IP Global Traffic Manager	>=16.1.0<16.1.2.2
f5 big-ip link controller	>=11.6.1<=11.6.5
f5 big-ip link controller	>=12.1.0<=12.1.6
f5 big-ip link controller	>=13.1.0<13.1.5
f5 big-ip link controller	>=14.1.0<14.1.4.6
f5 big-ip link controller	>=15.1.0<15.1.5.1
f5 big-ip link controller	>=16.1.0<16.1.2.2
F5 BIG-IP Local Traffic Manager	>=11.6.1<=11.6.5
F5 BIG-IP Local Traffic Manager	>=12.1.0<=12.1.6
F5 BIG-IP Local Traffic Manager	>=13.1.0<13.1.5
F5 BIG-IP Local Traffic Manager	>=14.1.0<14.1.4.6
F5 BIG-IP Local Traffic Manager	>=15.1.0<15.1.5.1
F5 BIG-IP Local Traffic Manager	>=16.1.0<16.1.2.2
F5 BIG-IP Policy Enforcement Manager	>=11.6.1<=11.6.5
F5 BIG-IP Policy Enforcement Manager	>=12.1.0<=12.1.6
F5 BIG-IP Policy Enforcement Manager	>=13.1.0<13.1.5
F5 BIG-IP Policy Enforcement Manager	>=14.1.0<14.1.4.6
F5 BIG-IP Policy Enforcement Manager	>=15.1.0<15.1.5.1
F5 BIG-IP Policy Enforcement Manager	>=16.1.0<16.1.2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-1388?
CVE-2022-1388 is classified as a critical vulnerability with a high risk of remote code execution, allowing attackers to manipulate files and disable services.
How do I fix CVE-2022-1388?
To remediate CVE-2022-1388, you should upgrade F5 BIG-IP software to the versions specified in the security advisory, specifically 16.1.2.2 or later for 16.1.x, 15.1.5.1 or later for 15.1.x, and so on.
What are the affected versions of F5 BIG-IP related to CVE-2022-1388?
CVE-2022-1388 affects several F5 BIG-IP versions, including 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.5.1, and 14.1.x versions prior to specified versions.
Can CVE-2022-1388 be exploited by unauthenticated users?
Yes, CVE-2022-1388 can be exploited by unauthenticated users, enabling remote code execution without requiring valid credentials.
What are the potential impacts of CVE-2022-1388?
The vulnerability CVE-2022-1388 can lead to severe consequences such as remote code execution, unauthorized file manipulation, and service disruptions.

collector/nvd-index
collector/nvd-api
agent/type
agent/title
agent/weakness
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-26026
alias/CVE-2024-21793
alias/CVE-2023-46747
alias/CVE-2023-46748
alias/CVE-2022-1388
agent/description
agent/severity
alias/CVE-2024-24919
alias/CVE-2024-3400
alias/CVE-2019-19781
alias/CVE-2023-3519
collector/the-register
source/The Register
agent/references
agent/author
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/event
agent/first-publish-date
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/trending
agent/source
agent/tags
exploited/true
ransomware/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/11.6.1
version/f5 big-ip access policy manager/11.6.5
version/f5 big-ip access policy manager/12.1.0
version/f5 big-ip access policy manager/12.1.6
version/f5 big-ip access policy manager/13.1.0
version/f5 big-ip access policy manager/14.1.0
version/f5 big-ip access policy manager/15.1.0
version/f5 big-ip access policy manager/16.1.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/11.6.1
version/f5 big-ip advanced firewall manager/11.6.5
version/f5 big-ip advanced firewall manager/12.1.0
version/f5 big-ip advanced firewall manager/12.1.6
version/f5 big-ip advanced firewall manager/13.1.0
version/f5 big-ip advanced firewall manager/14.1.0
version/f5 big-ip advanced firewall manager/15.1.0
version/f5 big-ip advanced firewall manager/16.1.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/11.6.1
version/f5 big-ip analytics/11.6.5
version/f5 big-ip analytics/12.1.0
version/f5 big-ip analytics/12.1.6
version/f5 big-ip analytics/13.1.0
version/f5 big-ip analytics/14.1.0
version/f5 big-ip analytics/15.1.0
version/f5 big-ip analytics/16.1.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/11.6.1
version/f5 big-ip application acceleration manager/11.6.5
version/f5 big-ip application acceleration manager/12.1.0
version/f5 big-ip application acceleration manager/12.1.6
version/f5 big-ip application acceleration manager/13.1.0
version/f5 big-ip application acceleration manager/14.1.0
version/f5 big-ip application acceleration manager/15.1.0
version/f5 big-ip application acceleration manager/16.1.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/11.6.1
version/f5 big-ip application security manager/11.6.5
version/f5 big-ip application security manager/12.1.0
version/f5 big-ip application security manager/12.1.6
version/f5 big-ip application security manager/13.1.0
version/f5 big-ip application security manager/14.1.0
version/f5 big-ip application security manager/15.1.0
version/f5 big-ip application security manager/16.1.0
canonical/f5 big-ip domain name system
version/f5 big-ip domain name system/11.6.1
version/f5 big-ip domain name system/11.6.5
version/f5 big-ip domain name system/12.1.0
version/f5 big-ip domain name system/12.1.6
version/f5 big-ip domain name system/13.1.0
version/f5 big-ip domain name system/14.1.0
version/f5 big-ip domain name system/15.1.0
version/f5 big-ip domain name system/16.1.0
canonical/f5 big-ip fraud protection service
version/f5 big-ip fraud protection service/11.6.1
version/f5 big-ip fraud protection service/11.6.5
version/f5 big-ip fraud protection service/12.1.0
version/f5 big-ip fraud protection service/12.1.6
version/f5 big-ip fraud protection service/13.1.0
version/f5 big-ip fraud protection service/14.1.0
version/f5 big-ip fraud protection service/15.1.0
version/f5 big-ip fraud protection service/16.1.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/11.6.1
version/f5 big-ip global traffic manager/11.6.5
version/f5 big-ip global traffic manager/12.1.0
version/f5 big-ip global traffic manager/12.1.6
version/f5 big-ip global traffic manager/13.1.0
version/f5 big-ip global traffic manager/14.1.0
version/f5 big-ip global traffic manager/15.1.0
version/f5 big-ip global traffic manager/16.1.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/11.6.1
version/f5 big-ip link controller/11.6.5
version/f5 big-ip link controller/12.1.0
version/f5 big-ip link controller/12.1.6
version/f5 big-ip link controller/13.1.0
version/f5 big-ip link controller/14.1.0
version/f5 big-ip link controller/15.1.0
version/f5 big-ip link controller/16.1.0
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/11.6.1
version/f5 big-ip local traffic manager/11.6.5
version/f5 big-ip local traffic manager/12.1.0
version/f5 big-ip local traffic manager/12.1.6
version/f5 big-ip local traffic manager/13.1.0
version/f5 big-ip local traffic manager/14.1.0
version/f5 big-ip local traffic manager/15.1.0
version/f5 big-ip local traffic manager/16.1.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/11.6.1
version/f5 big-ip policy enforcement manager/11.6.5
version/f5 big-ip policy enforcement manager/12.1.0
version/f5 big-ip policy enforcement manager/12.1.6
version/f5 big-ip policy enforcement manager/13.1.0
version/f5 big-ip policy enforcement manager/14.1.0
version/f5 big-ip policy enforcement manager/15.1.0
version/f5 big-ip policy enforcement manager/16.1.0
canonical/f5 big-ip

CVE-2022-1388: F5 BIG-IP Missing Authentication Vulnerability

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-1388?

How do I fix CVE-2022-1388?

What are the affected versions of F5 BIG-IP related to CVE-2022-1388?

Can CVE-2022-1388 be exploited by unauthenticated users?

What are the potential impacts of CVE-2022-1388?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2022-1388?

How do I fix CVE-2022-1388?

What are the affected versions of F5 BIG-IP related to CVE-2022-1388?

Can CVE-2022-1388 be exploited by unauthenticated users?

What are the potential impacts of CVE-2022-1388?