CVE-2022-41813 — Improper Input Validation in F5 Big-ip AFM PEM

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 28.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip AFM PEM F5 Big-ip Advanced Firewall Manager F5 Big-ip Policy Enforcement Manager

Timeline

PublishedOct 19

Latest updateOct 20

Description

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5f5/big-ip_afm_pem16.1.x — 16.1.3.1+3

▶NVDf5/big-ip_advanced_firewall_manager14.1.0 — 14.1.5+3

▶NVDf5/big-ip_policy_enforcement_manager14.1.0 — 14.1.5+3

🔴Vulnerability Details

GHSA

GHSA-3vw7-gqq2-ffcx: In versions 16↗2022-10-20

▶

CVEList

BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813↗2022-10-19

▶

📋Vendor Advisories

CVE-2022-41813: In versions 16↗2022-10-19

▶