Lucene search

K
cveF5CVE-2022-31473
HistoryAug 04, 2022 - 6:15 p.m.

CVE-2022-31473

2022-08-0418:15:09
CWE-22
f5
web.nvd.nist.gov
52
5
big-ip
directory traversal
vulnerability
iapps
security boundary

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

25.8%

In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd
Node
f5big-ip_access_policy_managerRange15.1.015.1.4
OR
f5big-ip_access_policy_managerMatch16.1.0
VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_access_policy_manager16.1.0cpe:2.3:a:f5:big-ip_access_policy_manager:16.1.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "BIG-IP APM",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "13.1.x*",
        "status": "unaffected",
        "version": "13.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "14.1.x*",
        "status": "unaffected",
        "version": "14.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1.4",
        "status": "affected",
        "version": "15.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1.1",
        "status": "affected",
        "version": "16.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "17.0.x*",
        "status": "unaffected",
        "version": "17.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

25.8%

Related for CVE-2022-31473