CVE-2022-41617
published 2022-10-19CVE-2022-41617: In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_advanced_waf | — | — |
| f5 | big-ip_advanced_waf_asm | >= 13.1.x < 13.1.5.1 | 13.1.5.1 |
| f5 | big-ip_advanced_waf_asm | >= 14.1.x < 14.1.5.1 | 14.1.5.1 |
| f5 | big-ip_advanced_waf_asm | >= 15.1.x < 15.1.6.1 | 15.1.6.1 |
| f5 | big-ip_advanced_waf_asm | >= 16.1.x < 16.1.3.1 | 16.1.3.1 |
| f5 | big-ip_advanced_web_application_firewall | >= 13.1.0 < 13.1.5.1 | 13.1.5.1 |
| f5 | big-ip_advanced_web_application_firewall | >= 14.1.0 < 14.1.5.1 | 14.1.5.1 |
| f5 | big-ip_advanced_web_application_firewall | >= 15.1.0 < 15.1.6.1 | 15.1.6.1 |
| f5 | big-ip_advanced_web_application_firewall | >= 16.1.0 < 16.1.3.1 | 16.1.3.1 |
| f5 | big-ip_application_security_manager | >= 13.1.0 < 13.1.5.1 | 13.1.5.1 |
| f5 | big-ip_application_security_manager | >= 14.1.0 < 14.1.5.1 | 14.1.5.1 |
| f5 | big-ip_application_security_manager | >= 15.1.0 < 15.1.6.1 | 15.1.6.1 |
| f5 | big-ip_application_security_manager | >= 16.1.0 < 16.1.3.1 | 16.1.3.1 |
| f5 | big-ip_asm | — | — |
| f5 | icontrol_rest | — | — |