F5 has published a security advisory warning of a high-severity flaw in iControl SOAP. The format string vulnerability could be exploited to crash the iControl SOAP CGI process or execute arbitrary code. The vulnerability affects F5 BIG-IP versions 17.0.0; 16.1.2.2 – 16.1.3; 15.1.5.1 – 15.1.8; 14.1.4.6 – 14.1.5; and 13.1.5. Fixes are not yet available https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/
