Lucene search

F5CVE-2022-35728

HistoryAug 04, 2022 - 6:15 p.m.

CVE-2022-35728

2022-08-0418:15:10

CWE-613

web.nvd.nist.gov

big-ip

big-iq

vulnerability

cve-2022-35728

security issue

authentication

icontrol rest

token

software version

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5.1

f5big-ip_access_policy_managerRange15.1.0–15.1.6.1

f5big-ip_access_policy_managerRange16.1.0–16.1.3.1

f5big-ip_access_policy_managerMatch17.0.0

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.1

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.6.1

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.1

f5big-ip_advanced_firewall_managerMatch17.0.0

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5.1

f5big-ip_analyticsRange15.1.0–15.1.6.1

f5big-ip_analyticsRange16.1.0–16.1.3.1

f5big-ip_analyticsMatch17.0.0

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5.1

f5big-ip_application_acceleration_managerRange15.1.0–15.1.6.1

f5big-ip_application_acceleration_managerRange16.1.0–16.1.3.1

f5big-ip_application_acceleration_managerMatch17.0.0

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5.1

f5big-ip_application_security_managerRange15.1.0–15.1.6.1

f5big-ip_application_security_managerRange16.1.0–16.1.3.1

f5big-ip_application_security_managerMatch17.0.0

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5.1

f5big-ip_domain_name_systemRange15.1.0–15.1.6.1

f5big-ip_domain_name_systemRange16.1.0–16.1.3.1

f5big-ip_domain_name_systemMatch17.0.0

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.1

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.6.1

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.1

f5big-ip_fraud_protection_serviceMatch17.0.0

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5.1

f5big-ip_global_traffic_managerRange15.1.0–15.1.6.1

f5big-ip_global_traffic_managerRange16.1.0–16.1.3.1

f5big-ip_global_traffic_managerMatch17.0.0

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5.1

f5big-ip_link_controllerRange15.1.0–15.1.6.1

f5big-ip_link_controllerRange16.1.0–16.1.3.1

f5big-ip_link_controllerMatch17.0.0

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5.1

f5big-ip_local_traffic_managerRange15.1.0–15.1.6.1

f5big-ip_local_traffic_managerRange16.1.0–16.1.3.1

f5big-ip_local_traffic_managerMatch17.0.0

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.1

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.6.1

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.1

f5big-ip_policy_enforcement_managerMatch17.0.0

f5big-iq_centralized_managementMatch7.0.0

f5big-iq_centralized_managementMatch7.1.0

f5big-iq_centralized_managementMatch8.0.0

f5big-iq_centralized_managementMatch8.1.0

VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_access_policy_manager17.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager17.0.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*
f5big-ip_analytics*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5big-ip_analytics17.0.0cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager17.0.0cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*
f5big-ip_application_security_manager*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5big-ip_application_security_manager17.0.0cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	*	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
f5	big-ip_access_policy_manager	17.0.0	cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:::::::*
f5	big-ip_advanced_firewall_manager	*	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
f5	big-ip_advanced_firewall_manager	17.0.0	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:::::::*
f5	big-ip_analytics	*	cpe:2.3:a:f5:big-ip_analytics::::::::
f5	big-ip_analytics	17.0.0	cpe:2.3:a:f5:big-ip_analytics:17.0.0:::::::*
f5	big-ip_application_acceleration_manager	*	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
f5	big-ip_application_acceleration_manager	17.0.0	cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:::::::*
f5	big-ip_application_security_manager	*	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
f5	big-ip_application_security_manager	17.0.0	cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "13.1.x*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "14.1.5.1",
        "status": "affected",
        "version": "14.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1.6.1",
        "status": "affected",
        "version": "15.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1.3.1",
        "status": "affected",
        "version": "16.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "17.0.0.1",
        "status": "affected",
        "version": "17.0.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "BIG-IQ Centralized Management",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "8.2.0",
        "status": "affected",
        "version": "8.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.x*",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "custom"
      }
    ]
  }
]