CVE-2022-41836

Published Oct 19, 2022

Last updated 2 years ago

CVSS high 7.5

Overview

Description: When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
f5sirt@f5.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B48B9A2-0402-461C-A3BC-2A54D3EBD51F",
            "versionEndExcluding": "15.1.7",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1256CDF-2016-468E-B44B-5D2E7F487361",
            "versionEndExcluding": "16.1.3.1",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A93FAFBD-B361-44AD-9EE5-EE595CAE9EDC"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE8E3A1-0E66-4A4C-BA58-E22AEA8705F7",
            "versionEndExcluding": "15.1.7",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "179FECCD-2795-4194-BED0-18CFEF792E9F",
            "versionEndExcluding": "16.1.3.1",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9AB53DF-7335-462E-B8CD-44DF0DCE3826"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References