K68647001 : Authenticated F5 BIG-IP Guided Configuration in Appliance mode vulnerability CVE-2022-27806

2022-05-0400:00:00

my.f5.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Security Advisory Description

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. (CVE-2022-27806)

Impact

In Appliance mode, an authenticated attacker with valid credentials assigned the Administrator role may be able to bypass Appliance mode restrictions. This is a control plane issue; there is no data plane exposure. Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances. For more information about Appliance mode, refer to K12815: Overview of Appliance mode.

Note: For BIG-IP ASM Guided Configuration, an additional Advanced WAF license is required for it to be available in the Configuration utility Security menu.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
f5 ssl orchestratoreq16.1.1
f5 ssl orchestratoreq16.1.2
f5 ssl orchestratoreq16.1.3
f5 ssl orchestratoreq17.0.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
f5 ssl orchestrator	eq	16.1.1
f5 ssl orchestrator	eq	16.1.2
f5 ssl orchestrator	eq	16.1.3
f5 ssl orchestrator	eq	17.0.0

Rows per page:

1-10 of 3831