CVE-2022-41617

Published: Oct 19, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

Affected (8)

Products: F5: Big Ip Advanced Web Application Firewall, Big Ip Application Security Manager

2 products

Big Ip Advanced Web Application Firewall

Big Ip Application Security Manager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Web Application Firewall	From 13.1.0 to 13.1.5.1
F5 Big Ip Advanced Web Application Firewall	From 14.1.0 to 14.1.5.1
F5 Big Ip Advanced Web Application Firewall	From 15.1.0 to 15.1.6.1
F5 Big Ip Advanced Web Application Firewall	From 16.1.0 to 16.1.3.1
F5 Big Ip Application Security Manager	From 13.1.0 to 13.1.5.1
F5 Big Ip Application Security Manager	From 14.1.0 to 14.1.5.1
F5 Big Ip Application Security Manager	From 15.1.0 to 15.1.6.1
F5 Big Ip Application Security Manager	From 16.1.0 to 16.1.3.1

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://support.f5.com/csp/article/K11830089

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K11830089

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.