Unrated severity · CISA KEV · NVD Advisory · Published May 5, 2022 · Updated Oct 21, 2025
CVE-2022-1388
Description
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (5)
- packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html (mitre)
- packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html (mitre)
- packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html (mitre)
- support.f5.com/csp/article/K23605346 (mitre)
- www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/ (mitre)
News mentions (1)
- Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect (Tenable Blog · May 27, 2026)