CVE-2022-23026

Published: Jan 25, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (10)

Products: F5: Big Ip Advanced Web Application Firewall, Big Ip Application Acceleration Manager

2 products

Big Ip Advanced Web Application Firewall

Big Ip Application Acceleration Manager

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Web Application Firewall	From 12.1.0 to 12.1.6
F5 Big Ip Advanced Web Application Firewall	From 13.1.0 to 13.1.4
F5 Big Ip Advanced Web Application Firewall	From 14.1.0 to 14.1.4
F5 Big Ip Advanced Web Application Firewall	From 15.1.0 to 15.1.4
F5 Big Ip Advanced Web Application Firewall	From 16.0.0 to 16.1.1
F5 Big Ip Application Acceleration Manager	From 12.1.0 to 12.1.6
F5 Big Ip Application Acceleration Manager	From 13.1.0 to 13.1.4
F5 Big Ip Application Acceleration Manager	From 14.1.0 to 14.1.4
F5 Big Ip Application Acceleration Manager	From 15.1.0 to 15.1.4
F5 Big Ip Application Acceleration Manager	From 16.0.0 to 16.1.1

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://support.f5.com/csp/article/K08402414

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K08402414

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.