Unrated severityCISA KEVNVD Advisory· Published May 5, 2022· Updated Oct 21, 2025

CVE-2022-1388

Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected products

F5/BIG-IPv5
Range: 16.1.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.htmlmitre
packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.htmlmitre
packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.htmlmitre
support.f5.com/csp/article/K23605346mitre
www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.076
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060