Researchers at the cybersecurity company Rapid7 have found a number of flaws and other potential security problems that could affect F5 products.
Rapid7 informed the vendor of its findings in mid-August. The findings were made public on Wednesday, the same day that F5 issued advisories warning customers of the security flaws and announcing the availability of engineering hotfixes. The majority of the issues are security bypass techniques that F5 does not consider vulnerabilities.
However, two of the problems identified by Rapid7 researchers have been categorized as high-severity remote code execution vulnerabilities and given CVE identifiers. CVE-2022-41622, a cross-site request forgery (CSRF) flaw affecting BIG-IP and BIG-IQ products, is the most serious vulnerability.