CVE-2022-28695 - Vulnerability Details

Vendors	Products
F5	Big-ip Advanced Firewall Manager

Link	Providers
https://support.f5.com/csp/article/K08510472

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "BIG-IP AFM", "vendor": "F5", "versions": [{"status": "unaffected", "version": "12.1.x"}, {"status": "unaffected", "version": "11.6.x"}, {"lessThan": "17.0.x*", "status": "unaffected", "version": "17.0.0", "versionType": "custom"}, {"lessThan": "16.1.2.2", "status": "affected", "version": "16.1.x", "versionType": "custom"}, {"lessThan": "15.1.5.1", "status": "affected", "version": "15.1.x", "versionType": "custom"}, {"lessThan": "14.1.4.6", "status": "affected", "version": "14.1.x", "versionType": "custom"}, {"lessThan": "13.1.5", "status": "affected", "version": "13.1.x", "versionType": "custom"}]}], "datePublic": "2022-05-04T00:00:00", "descriptions": [{"lang": "en", "value": "On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-05T16:34:25", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K08510472"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2022-05-04T14:00:00.000Z", "ID": "CVE-2022-28695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP AFM", "version": {"version_data": [{"version_affected": "!>=", "version_name": "17.0.x", "version_value": "17.0.0"}, {"version_affected": "<", "version_name": "16.1.x", "version_value": "16.1.2.2"}, {"version_affected": "<", "version_name": "15.1.x", "version_value": "15.1.5.1"}, {"version_affected": "<", "version_name": "14.1.x", "version_value": "14.1.4.6"}, {"version_affected": "<", "version_name": "13.1.x", "version_value": "13.1.5"}, {"version_affected": "!", "version_name": "12.1.x", "version_value": "12.1.x"}, {"version_affected": "!", "version_name": "11.6.x", "version_value": "11.6.x"}]}}]}, "vendor_name": "F5"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K08510472", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K08510472"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:03:51.975Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.f5.com/csp/article/K08510472"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2022-28695", "datePublished": "2022-05-05T16:34:25.946676Z", "dateReserved": "2022-04-19T00:00:00", "dateUpdated": "2024-09-17T02:31:19.942Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : BIG-IP AFM (string)

vendor : F5 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 12.1.x (string)

}

1 : { »

status : unaffected (string)

version : 11.6.x (string)

}

2 : { »

lessThan : 17.0.x* (string)

status : unaffected (string)

version : 17.0.0 (string)

versionType : custom (string)

}

3 : { »

lessThan : 16.1.2.2 (string)

status : affected (string)

version : 16.1.x (string)

versionType : custom (string)

}

4 : { »

lessThan : 15.1.5.1 (string)

status : affected (string)

version : 15.1.x (string)

versionType : custom (string)

}

5 : { »

lessThan : 14.1.4.6 (string)

status : affected (string)

version : 14.1.x (string)

versionType : custom (string)

}

6 : { »

lessThan : 13.1.5 (string)

status : affected (string)

version : 13.1.x (string)

versionType : custom (string)

}

]

}

]

datePublic : 2022-05-04T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-20 (string)

description : CWE-20 Improper Input Validation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-05-05T16:34:25 (string)

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.f5.com/csp/article/K08510472 (string)

}

]

source : { »

discovery : INTERNAL (string)

}

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : f5sirt@f5.com (string)

DATE_PUBLIC : 2022-05-04T14:00:00.000Z (string)

ID : CVE-2022-28695 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : BIG-IP AFM (string)

version : { »

version_data : [ »

0 : { »

version_affected : !>= (string)

version_name : 17.0.x (string)

version_value : 17.0.0 (string)

}

1 : { »

version_affected : < (string)

version_name : 16.1.x (string)

version_value : 16.1.2.2 (string)

}

2 : { »

version_affected : < (string)

version_name : 15.1.x (string)

version_value : 15.1.5.1 (string)

}

3 : { »

version_affected : < (string)

version_name : 14.1.x (string)

version_value : 14.1.4.6 (string)

}

4 : { »

version_affected : < (string)

version_name : 13.1.x (string)

version_value : 13.1.5 (string)

}

5 : { »

version_affected : ! (string)

version_name : 12.1.x (string)

version_value : 12.1.x (string)

}

6 : { »

version_affected : ! (string)

version_name : 11.6.x (string)

version_value : 11.6.x (string)

}

]

}

]

}

vendor_name : F5 (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-20 Improper Input Validation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.f5.com/csp/article/K08510472 (string)

refsource : MISC (string)

url : https://support.f5.com/csp/article/K08510472 (string)

}

]

}

source : { »

discovery : INTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T06:03:51.975Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.f5.com/csp/article/K08510472 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

assignerShortName : f5 (string)

cveId : CVE-2022-28695 (string)

datePublished : 2022-05-05T16:34:25.946676Z (string)

dateReserved : 2022-04-19T00:00:00 (string)

dateUpdated : 2024-09-17T02:31:19.942Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76EAD6EA-811F-4193-A83D-E70A9A53AFC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEE9857F-4A59-4A9E-821C-BAF3AB450155", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F691A4ED-EB2A-4FF1-B701-02F3A966BA40", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "26DE1D99-5118-4DC4-8B37-E9448378B64D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "200AC72D-719D-4663-BE05-C9C7826DEA68", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4BFA5B4-AFC0-4E4C-A4E7-ED7BFDC3411F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "987AEEE0-9301-4F36-BB52-9C260741522F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "51A3D5FE-1B2D-44F3-83DF-BBB3DFBA2DBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "189D37B0-49A3-4369-8F85-325355BE5B29", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71B7081C-A869-402A-9C58-219B3225DB70", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA89EA2D-9053-4B84-AE93-208F7640750B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "153BBF00-C7A3-4654-A4F4-2F3DD54A5814", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3BCA2C3F-7E1E-48EA-92CF-1AF5274F5012", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "950A7D6C-DCA1-4B8E-B3C2-15F1845FF0D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5788C636-64A1-4A9A-BB1A-EBC4ED80C59E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "48F2498F-8691-4325-8B3D-E56A5CE3F3D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF19BEB3-1624-433C-9C6C-BE71752A5FCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "85E54209-6418-4ECE-91EE-A36D82E4AFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8332960-4AAE-4101-8FFF-2D07B6479BD4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}, {"lang": "es", "value": "En F5 BIG-IP AFM versiones 16.1.x anteriores a 16.1.2.2, en las versiones 15.1.x anteriores a 15.1.5.1, en las versiones 14.1.x anteriores a 14.1.4.6 y en las versiones 13.1.x anteriores a 13.1.5, un atacante autenticado con altos privilegios puede cargar un archivo maliciosamente dise\u00f1ado en la utilidad de configuraci\u00f3n de BIG-IP AFM, lo que permite a un atacante ejecutar comandos arbitrarios. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas"}], "id": "CVE-2022-28695", "lastModified": "2024-11-21T06:57:45.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-05T17:15:14.270", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K08510472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K08510472"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "f5sirt@f5.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 76EAD6EA-811F-4193-A83D-E70A9A53AFC0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : EEE9857F-4A59-4A9E-821C-BAF3AB450155 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F691A4ED-EB2A-4FF1-B701-02F3A966BA40 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 26DE1D99-5118-4DC4-8B37-E9448378B64D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 200AC72D-719D-4663-BE05-C9C7826DEA68 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B4BFA5B4-AFC0-4E4C-A4E7-ED7BFDC3411F (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 987AEEE0-9301-4F36-BB52-9C260741522F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 51A3D5FE-1B2D-44F3-83DF-BBB3DFBA2DBD (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 189D37B0-49A3-4369-8F85-325355BE5B29 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 71B7081C-A869-402A-9C58-219B3225DB70 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AA89EA2D-9053-4B84-AE93-208F7640750B (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 153BBF00-C7A3-4654-A4F4-2F3DD54A5814 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 3BCA2C3F-7E1E-48EA-92CF-1AF5274F5012 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 950A7D6C-DCA1-4B8E-B3C2-15F1845FF0D3 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 5788C636-64A1-4A9A-BB1A-EBC4ED80C59E (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 48F2498F-8691-4325-8B3D-E56A5CE3F3D8 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : CF19BEB3-1624-433C-9C6C-BE71752A5FCF (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:16.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 85E54209-6418-4ECE-91EE-A36D82E4AFD8 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C8332960-4AAE-4101-8FFF-2D07B6479BD4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

}

1 : { »

lang : es (string)

value : En F5 BIG-IP AFM versiones 16.1.x anteriores a 16.1.2.2, en las versiones 15.1.x anteriores a 15.1.5.1, en las versiones 14.1.x anteriores a 14.1.4.6 y en las versiones 13.1.x anteriores a 13.1.5, un atacante autenticado con altos privilegios puede cargar un archivo maliciosamente diseñado en la utilidad de configuración de BIG-IP AFM, lo que permite a un atacante ejecutar comandos arbitrarios. Nota: Las versiones de software que han alcanzado el Fin del Soporte Técnico (EoTS) no son evaluadas (string)

}

]

id : CVE-2022-28695 (string)

lastModified : 2024-11-21T06:57:45.350 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : f5sirt@f5.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-05-05T17:15:14.270 (string)

references : [ »

0 : { »

source : f5sirt@f5.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.f5.com/csp/article/K08510472 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.f5.com/csp/article/K08510472 (string)

}

]

sourceIdentifier : f5sirt@f5.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : f5sirt@f5.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object