Lucene search
F5CVE-2022-41833HistoryOct 19, 2022 - 10:15 p.m.
CVE-2022-41833
2022-10-1922:15:13
CWE-400
f5
web.nvd.nist.gov
41
4
cve-2022-41833
big-ip
irule
http::collect
tmm
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
38.4%
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0β13.1.5
ORf5big-ip_advanced_firewall_managerRange13.1.0β13.1.5
ORf5big-ip_analyticsRange13.1.0β13.1.5
ORf5big-ip_application_acceleration_managerRange13.1.0β13.1.5
ORf5big-ip_application_security_managerRange13.1.0β13.1.5
ORf5big-ip_domain_name_systemRange13.1.0β13.1.5
ORf5big-ip_fraud_protection_serviceRange13.1.0β13.1.5
ORf5big-ip_global_traffic_managerRange13.1.0β13.1.5
ORf5big-ip_link_controllerRange13.1.0β13.1.5
ORf5big-ip_local_traffic_managerRange13.1.0β13.1.5
ORf5big-ip_policy_enforcement_managerRange13.1.0β13.1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_advanced_firewall_manager | * | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_analytics | * | cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_acceleration_manager | * | cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_security_manager | * | cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_domain_name_system | * | cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* |
| f5 | big-ip_fraud_protection_service | * | cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* |
| f5 | big-ip_global_traffic_manager | * | cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_link_controller | * | cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* |
| f5 | big-ip_local_traffic_manager | * | cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "F5",
"product": "BIG-IP",
"versions": [
{
"version": "17.0.0",
"status": "unaffected",
"lessThan": "17.0.x*",
"versionType": "custom"
},
{
"version": "16.1.x",
"status": "unaffected",
"lessThanOrEqual": "16.1.0",
"versionType": "custom"
},
{
"version": "15.1.0",
"status": "unaffected",
"lessThan": "15.1.x*",
"versionType": "custom"
},
{
"version": "14.1.0",
"status": "unaffected",
"lessThan": "14.1.x*",
"versionType": "custom"
},
{
"version": "13.1.0",
"status": "affected",
"lessThan": "13.1.x*",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
prion
prion
Command injection
2022-10-19 22:15:00
nvd
nvd
CVE-2022-41833
2022-10-19 22:15:13
nessus
nessus
F5 Networks BIG-IP : BIG-IP iRules vulnerability (K69940053)
2023-06-14 00:00:00
cvelist
cvelist
CVE-2022-41833 BIG-IP iRule vulnerability CVE-2022-41833
2022-10-19 21:24:25
f5
f5
K30425568 : Overview of F5 vulnerabilities (October 2022)
2022-10-19 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
38.4%
Related for CVE-2022-41833