Lucene search
HistoryOct 19, 2022 - 10:15 p.m.
CVE-2022-41833
big-ip
irule
http::collect
tmm
terminate
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
References
Related
prion
prion
Command injection
2022-10-19 22:15:00
cve
cve
CVE-2022-41833
2022-10-19 22:15:13
nessus
nessus
F5 Networks BIG-IP : BIG-IP iRules vulnerability (K69940053)
2023-06-14 00:00:00
cvelist
cvelist
CVE-2022-41833 BIG-IP iRule vulnerability CVE-2022-41833
2022-10-19 00:00:00
f5
f5
K30425568 : Overview of F5 vulnerabilities (October 2022)
2022-10-19 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
Related for NVD:CVE-2022-41833