CVE-2022-41983Cleartext Transmission of Sensitive Info in F5 Big-ip

CWE-319Cleartext Transmission of Sensitive Info4 documents4 sources
Severity
3.7LOWNVD
EPSS
0.1%
top 67.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
F5 Big-ipF5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall Manager+17 more
Timeline
PublishedOct 19
Latest updateOct 20

Description

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages20 packages

CVEListV5f5/big-ip16.1.x16.1.3.1+3
NVDf5/big-ip_websafe14.1.014.1.5.1+3
NVDf5/big-ip_analytics14.1.014.1.5.1+3
NVDf5/big-ip_edge_gateway14.1.014.1.5.1+3
NVDf5/big-ip_webaccelerator14.1.014.1.5.1+3

🔴Vulnerability Details

2
GHSA
GHSA-jw28-8r7j-mr5p: On specific hardware platforms, on BIG-IP versions 162022-10-20
CVEList
BIG-IP TMM Vulnerability CVE-2022-419832022-10-19

📋Vendor Advisories

1
F5
CVE-2022-41983: On specific hardware platforms, on BIG-IP versions 162022-10-19
CVE-2022-41983 — F5 Big-ip vulnerability | cvebase