CVE-2022-26835: Path Traversal in F5 BIG-IP

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 4.9 MEDIUM (NVD)
EPSS: 0.5% (top 33.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5 | Latest update May 6

Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (12 packages)

CVEListV5 | f5/big-ip | 16.1.x | 16.1.2.2 | +5
NVD | f5/big-ip_analytics | 31 versions | +30
NVD | f5/big-ip_link_controller | 31 versions | +30
NVD | f5/big-ip_domain_name_system | 31 versions | +30

🔴 Vulnerability Details (2)

GHSA | GHSA-2v4q-7r62-3cvj: On F5 BIG-IP 16 | 2022-05-06
CVEList | CVE-2022-26835: On F5 BIG-IP 16 | 2022-05-05

📋 Vendor Advisories (1)

F5 | CVE-2022-26835: On F5 BIG-IP 16 | 2022-05-05
CVE-2022-26835 — Path Traversal in F5 Big-ip | cvebase