K97843387 : Overview of F5 vulnerabilities (November 2022)

2022-11-1600:00:00

my.f5.com

124

vulnerabilities

november 2022

distributed cloud

silverline

threat stack

high cves

icontrol soap

icontrol rest

AI Score

8.5

Confidence

High

EPSS

0.473

Percentile

97.5%

JSON

Security Advisory Description

On November 16, 2022, F5 announced the following issues. This document is intended to serve as an overview of these issues to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles.

Distributed Cloud and Managed Services

Service	Status
F5 Distributed Cloud Services	Does not affect or has been resolved
Silverline	Does not affect or has been resolved
Threat Stack	Does not affect or has been resolved

High CVEs
Improvements

High CVEs

Article (CVE)	CVSS score	Affected products	Affected versions1
K94221585: iControl SOAP vulnerability CVE-2022-41622	8.8	BIG-IP (all modules)	17.0.0
16.1.0 - 16.1.3
15.1.0 - 15.1.8
14.1.0 - 14.1.5
13.1.0 - 13.1.5	17.0.0.2
16.1.3.3
15.1.8.1
14.1.5.3
BIG-IQ Centralized Management	8.0.0 - 8.2.0
7.1.0	None
K13325942: Appliance mode iControl REST vulnerability CVE-2022-41800	8.7 - Appliance mode only	BIG-IP (all modules)	17.0.0
16.1.0 - 16.1.3
15.1.0 - 15.1.8
14.1.0 - 14.1.5
13.1.0 - 13.1.5	17.1.0
17.0.0.2
16.1.3.3
15.1.8.1
14.1.5.3

1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.

Improvements

Article (Improvements)	Affected products	Affected versions1
K05403841: BIG-IP and BIG-IQ improvements disclosed by Rapid7	BIG-IP (all modules)	17.0.0
16.1.0 - 16.1.3
15.1.0 - 15.1.8
14.1.0 - 14.1.5
13.1.0 - 13.1.5	None
BIG-IQ Centralized Management	8.0.0 - 8.2.0
7.1.0	None