A detailed analysis of the iControl REST vulnerability CVE-2022-35728 affecting F5 BIG-IP and BIG-IQ Centralized Management.
Understanding CVE-2022-35728
This section covers the impact, technical details, and mitigation strategies for the CVE-2022-35728 vulnerability.
What is CVE-2022-35728?
CVE-2022-35728 affects BIG-IP versions 13.1.x, 14.1.x, 15.1.x, 16.1.x, 17.0.x, and BIG-IQ versions 7.x and 8.x. An authenticated user's iControl REST token can remain valid after that user logs out of the Configuration utility.
The Impact of CVE-2022-35728
The vulnerability has a CVSS base score of 8.1, indicating a high severity risk with significant impacts on confidentiality, integrity, and availability of the affected systems.
Technical Details of CVE-2022-35728
This section provides specific technical information on the vulnerability.
Vulnerability Description
In the BIG-IP and BIG-IQ versions listed above, the iControl REST token of an authenticated user can persist for a limited time after logout, posing a security risk.
Affected Systems and Versions
Products affected include BIG-IP and BIG-IQ Centralized Management versions outlined in the vulnerability details.
Exploitation Mechanism
The vulnerability can be exploited by an authenticated user to potentially gain unauthorized access due to the persistent iControl REST token.
Mitigation and Prevention
This section discusses the steps to mitigate the CVE-2022-35728 vulnerability.
Immediate Steps to Take
Users should consider revoking active sessions, monitoring for unauthorized access, and implementing additional security measures.
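One way to do the monitoring mentioned above, as an added example that is not F5's code or log format: it assumes login, logout and iControl REST events have already been normalized into (timestamp, user, event, token id, source IP) tuples, and flags any request that presents a token after its owner logged out. The field layout, token ids and sample events are all constructed for illustration.

```python
from datetime import datetime

# Constructed, pre-normalized events (an assumed layout, NOT a BIG-IP log format):
# (ISO timestamp, user, event, token id, source IP). Logout rows carry no token.
SAMPLE_EVENTS = [
    ("2022-08-10T09:00:00", "alice", "login", "tok-A1", "10.0.0.5"),
    ("2022-08-10T09:05:00", "alice", "rest_request", "tok-A1", "10.0.0.5"),
    ("2022-08-10T09:10:00", "alice", "logout", "-", "10.0.0.5"),
    ("2022-08-10T09:12:30", "alice", "rest_request", "tok-A1", "203.0.113.7"),
    ("2022-08-10T09:20:00", "bob", "login", "tok-B1", "10.0.0.9"),
    ("2022-08-10T09:25:00", "bob", "rest_request", "tok-B1", "10.0.0.9"),
    ("2022-08-10T09:30:00", "alice", "login", "tok-A2", "10.0.0.5"),
    ("2022-08-10T09:31:00", "alice", "rest_request", "tok-A2", "10.0.0.5"),
]


def find_post_logout_use(events):
    """Return one finding per REST request made with a token whose owner
    had already logged out when the request arrived."""
    issued = {}    # token id -> (user, IP the token was issued to)
    retired = {}   # token id -> time of the owner's logout
    findings = []
    for ts, user, kind, token, ip in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "login":
            issued[token] = (user, ip)
        elif kind == "logout":
            # A logout should end every token the user held at that moment.
            for tok, (owner, _) in issued.items():
                if owner == user and tok not in retired:
                    retired[tok] = when
        elif kind == "rest_request" and token in retired:
            owner, login_ip = issued[token]
            delay = when - retired[token]
            findings.append({
                "user": owner,
                "token": token,
                "seconds_after_logout": int(delay.total_seconds()),
                "source_ip": ip,
                "new_source": ip != login_ip,  # different host than the login
            })
    return findings


if __name__ == "__main__":
    for finding in find_post_logout_use(SAMPLE_EVENTS):
        print(finding)
```

A finding with `new_source` set is the higher-priority case for review, since the token was presented from a host other than the one it was issued to.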
Long-Term Security Practices
Regularly update and patch affected systems, enforce strong access controls, and conduct security audits to prevent similar vulnerabilities.
Patching and Updates
F5 may release patches or updates to address the iControl REST vulnerability. Stay informed of security advisories and apply patches promptly to secure the systems.