CVE-2022-23032

Published: Jan 25, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (8)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client

2 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.6
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.4
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.4
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.5
F5 Big Ip Access Policy Manager	From 16.0.0 to 16.1.2
F5 Big Ip Access Policy Manager Client	From 7.1.6 to 7.1.9
F5 Big Ip Access Policy Manager Client	From 7.2.1 to 7.2.1.3

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (2)

https://support.f5.com/csp/article/K30525503

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K30525503

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.