CVE-2022-28716

Published May 5, 2022

Last updated 2 years ago

CVSS high 8.8

Overview

Description: On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

f5sirt@f5.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61D1B91F-8672-4947-AF9A-F635679D0FB7",
            "versionEndIncluding": "11.6.5",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E32CBE0-BFDC-4DCB-A365-2F3C4D680446",
            "versionEndIncluding": "12.1.6",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB153379-872C-4800-AF9E-4219559291FD",
            "versionEndExcluding": "13.1.5",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B12B864-CF0E-4015-B898-9FF24956898D",
            "versionEndExcluding": "14.1.4.6",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E336C11E-2544-4AD1-A16B-640DB335048F",
            "versionEndExcluding": "15.1.5.1",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B89C592-E704-4AA8-98EF-22E81A888D9F",
            "versionEndExcluding": "16.1.2.2",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7227953C-FB55-4B49-A021-1931AD567E13",
            "versionEndIncluding": "11.6.5",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A346B407-37FF-4C9C-9747-318126DC1BB6",
            "versionEndIncluding": "12.1.6",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F51E9881-1E1A-4837-907E-B5793BBD23EC",
            "versionEndExcluding": "13.1.5",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BF30980-241A-4AD8-B9DB-87689CADFD1D",
            "versionEndExcluding": "14.1.4.6",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C156DAA3-D224-482D-A27B-AF4A147AE236",
            "versionEndExcluding": "15.1.5.1",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D82BA7E6-26FF-4A94-B6F6-CE578B8F9A18",
            "versionEndExcluding": "16.1.2.2",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F940F3-6CF4-48C8-BFBF-4FE9B3A26D31",
            "versionEndIncluding": "11.6.5",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FBA5CDC-1989-4971-BD1B-F14E801F5017",
            "versionEndIncluding": "12.1.6",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFE503F5-17E8-4893-ABA9-2075180EBA82",
            "versionEndExcluding": "13.1.5",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83B25AE8-6158-4448-B096-58105102CD78",
            "versionEndExcluding": "14.1.4.6",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CA80562-DD10-47A8-8A9C-75056D8A81EC",
            "versionEndExcluding": "15.1.5.1",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C53D007-B6DD-447E-BA9A-5CE9137CAA80",
            "versionEndExcluding": "16.1.2.2",
            "versionStartIncluding": "16.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References