← Back

CVE-2022-27806

nvd nist
Published: May 5, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (55)

F5
4 products
Big Ip Access Policy Manager
Big Ip Advanced Web Application Firewall
Big Ip Application Security Manager
Big Ip Guided Configuration
Configuration A
55 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
Version 13.1.0
Big Ip Access Policy Manager
Version 13.1.1
Big Ip Access Policy Manager
Version 13.1.3
Big Ip Access Policy Manager
Version 13.1.4
Big Ip Access Policy Manager
Version 13.1.5
Big Ip Access Policy Manager
Version 14.1.0
Big Ip Access Policy Manager
Version 14.1.2
Big Ip Access Policy Manager
Version 14.1.3
Big Ip Access Policy Manager
Version 14.1.4
Big Ip Access Policy Manager
Version 15.1.0
Big Ip Access Policy Manager
Version 15.1.1
Big Ip Access Policy Manager
Version 15.1.2
Big Ip Access Policy Manager
Version 15.1.3
Big Ip Access Policy Manager
Version 15.1.4
Big Ip Access Policy Manager
Version 15.1.5
Big Ip Access Policy Manager
Version 16.1.0
Big Ip Access Policy Manager
Version 16.1.1
Big Ip Access Policy Manager
Version 16.1.2
F5
Big Ip Advanced Web Application Firewall
Version 13.1.0
Big Ip Advanced Web Application Firewall
Version 13.1.1
Big Ip Advanced Web Application Firewall
Version 13.1.3
Big Ip Advanced Web Application Firewall
Version 13.1.4
Big Ip Advanced Web Application Firewall
Version 13.1.5
Big Ip Advanced Web Application Firewall
Version 14.1.0
Big Ip Advanced Web Application Firewall
Version 14.1.2
Big Ip Advanced Web Application Firewall
Version 14.1.3
Big Ip Advanced Web Application Firewall
Version 14.1.4
Big Ip Advanced Web Application Firewall
Version 15.1.0
Big Ip Advanced Web Application Firewall
Version 15.1.1
Big Ip Advanced Web Application Firewall
Version 15.1.2
Big Ip Advanced Web Application Firewall
Version 15.1.3
Big Ip Advanced Web Application Firewall
Version 15.1.4
Big Ip Advanced Web Application Firewall
Version 15.1.5
Big Ip Advanced Web Application Firewall
Version 16.1.0
Big Ip Advanced Web Application Firewall
Version 16.1.1
Big Ip Advanced Web Application Firewall
Version 16.1.2
F5
Big Ip Application Security Manager
Version 13.1.0
Big Ip Application Security Manager
Version 13.1.1
Big Ip Application Security Manager
Version 13.1.3
Big Ip Application Security Manager
Version 13.1.4
Big Ip Application Security Manager
Version 13.1.5
Big Ip Application Security Manager
Version 14.1.0
Big Ip Application Security Manager
Version 14.1.2
Big Ip Application Security Manager
Version 14.1.3
Big Ip Application Security Manager
Version 14.1.4
Big Ip Application Security Manager
Version 15.1.0
Big Ip Application Security Manager
Version 15.1.1
Big Ip Application Security Manager
Version 15.1.2
Big Ip Application Security Manager
Version 15.1.3
Big Ip Application Security Manager
Version 15.1.4
Big Ip Application Security Manager
Version 15.1.5
Big Ip Application Security Manager
Version 16.1.0
Big Ip Application Security Manager
Version 16.1.1
Big Ip Application Security Manager
Version 16.1.2
Big Ip Guided Configuration
Before 9.0

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.