CVE-2022-41617

Published Oct 19, 2022

Last updated 2 years ago

CVSS high 7.2

Overview

Description: In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

f5sirt@f5.com: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "625271D0-BEC2-4C5D-9FBF-02BAECC09623",
            "versionEndExcluding": "13.1.5.1",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "347F77D0-D727-4851-94AD-D624A4655B11",
            "versionEndExcluding": "14.1.5.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E436AE2-6440-49EF-BCC3-D69F6931386E",
            "versionEndExcluding": "15.1.6.1",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1256CDF-2016-468E-B44B-5D2E7F487361",
            "versionEndExcluding": "16.1.3.1",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87CE70BA-48FA-4DFD-A2C2-2A91578E38CC",
            "versionEndExcluding": "13.1.5.1",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4FFADE1-6D10-412B-84F2-AD6895EF8196",
            "versionEndExcluding": "14.1.5.1",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E51349F-E198-4643-A10D-6C1D35E10F0D",
            "versionEndExcluding": "15.1.6.1",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "179FECCD-2795-4194-BED0-18CFEF792E9F",
            "versionEndExcluding": "16.1.3.1",
            "versionStartIncluding": "16.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References