CVE-2022-33962

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.f5.com/csp/article/K80970653	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:::::::*

History

10 Aug 2022, 23:42

Type	Values Removed	Values Added
CPE		cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:::::::* cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:::::::* cpe:2.3:a:f5:big-ip_analytics:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:::::::* cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:::::::* cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_analytics:17.0.0:::::::* cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:::::::* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:::::::* cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:::::::* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:::::::* cpe:2.3:a:f5:big-ip_link_controller:17.0.0:::::::* cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:::::::*
References	~~(MISC) https://support.f5.com/csp/article/K80970653 -~~	(MISC) https://support.f5.com/csp/article/K80970653 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7

04 Aug 2022, 18:34

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-04 18:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-33962

Mitre link : CVE-2022-33962

CVE.ORG link : CVE-2022-33962

JSON object : View

Products Affected

big-ip_application_security_manager
big-ip_fraud_protection_service
big-ip_link_controller
big-ip_advanced_firewall_manager
big-ip_global_traffic_manager
big-ip_application_acceleration_manager
big-ip_domain_name_system
big-ip_policy_enforcement_manager
big-ip_local_traffic_manager
big-ip_analytics
big-ip_access_policy_manager

CWE

CWE-269

Improper Privilege Management

6.7 /10