CVE-2022-27634

Published: May 5, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (2)

Products: F5: Big Ip Access Policy Manager

1 product

Big Ip Access Policy Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.5.1
F5 Big Ip Access Policy Manager	From 16.1.0 to 16.1.2.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.f5.com/csp/article/K57555833

Source: f5sirt@f5.com

MitigationVendor Advisory

https://support.f5.com/csp/article/K57555833

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.