CVE-2022-28695

Published: May 5, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (19)

Products: F5: Big Ip Advanced Firewall Manager

1 product

Big Ip Advanced Firewall Manager

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Firewall Manager	Version 13.1.0
F5 Big Ip Advanced Firewall Manager	Version 13.1.1
F5 Big Ip Advanced Firewall Manager	Version 13.1.3
F5 Big Ip Advanced Firewall Manager	Version 13.1.4
F5 Big Ip Advanced Firewall Manager	Version 13.1.5
F5 Big Ip Advanced Firewall Manager	Version 14.1.0
F5 Big Ip Advanced Firewall Manager	Version 14.1.2
F5 Big Ip Advanced Firewall Manager	Version 14.1.3
F5 Big Ip Advanced Firewall Manager	Version 14.1.4
F5 Big Ip Advanced Firewall Manager	Version 15.1.0
F5 Big Ip Advanced Firewall Manager	Version 15.1.1
F5 Big Ip Advanced Firewall Manager	Version 15.1.2
F5 Big Ip Advanced Firewall Manager	Version 15.1.3
F5 Big Ip Advanced Firewall Manager	Version 15.1.4
F5 Big Ip Advanced Firewall Manager	Version 15.1.5
F5 Big Ip Advanced Firewall Manager	Version 16.1.0
F5 Big Ip Advanced Firewall Manager	Version 16.1.1
F5 Big Ip Advanced Firewall Manager	Version 16.1.2
F5 Big Ip Advanced Firewall Manager	Version 17.0.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.f5.com/csp/article/K08510472

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K08510472

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.