CVE-2022-35243: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2022-35243 is a security vulnerability affecting F5's BIG-IP appliances that allows authenticated administrators to bypass Appliance mode restrictions through an undisclosed iControl REST endpoint. The vulnerability affects BIG-IP versions 13.x through 17.x and was disclosed in August 2022 (NVD, Decipher).

The vulnerability is specifically related to the iControl REST functionality in BIG-IP systems. It affects the control plane but does not expose the data plane. The issue occurs when an authenticated user with Administrator role credentials can bypass the restrictions implemented in Appliance mode. This mode is typically enforced by specific licensing or can be configured for individual Virtual Clustered Multiprocessing (vCMP) guest instances (Decipher).

The vulnerability allows authenticated administrators to circumvent security controls specifically designed for Appliance mode. This could potentially lead to unauthorized system modifications and compromise the intended security posture of the affected BIG-IP systems (NVD).

F5 has released patches for this vulnerability as part of their August 3, 2022 security update. Organizations can mitigate the vulnerability by blocking access to the iControl REST interface through self IP addresses. This can be achieved by changing the Port Lockdown setting to 'Allow None' for each self IP address in the system (Decipher).