F5 BIG-IP and BIG-IQ iControl SOAP input validation error vulnerability

2022-08-0300:00:00

China National Vulnerability Database

www.cnvd.org.cn

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

JSON

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An input validation error vulnerability exists in F5 BIG-IP and BIG-IQ iControl SOAP, which can be exploited by an authenticated attacker to cause iControl to become unavailable via an undisclosed request. SOAP becomes unavailable through an undisclosed request.

CPENameOperatorVersion
F5 Networks BIG-IQ >=14.1.0，le14.1.5
F5 Networks BIG-IQ >=16.1.0，le16.1.3
F5 BIG-IP (all modules) >=8.0.0，le8.2.0
F5 Networks BIG-IQ >=15.1.0，le15.1.6
F5 Networks BIG-IQ >=13.1.0，le13.1.5
F5 Networks BIG-IQeq17.0.0

Name	Operator	Version
F5 Networks BIG-IQ >=14.1.0，	le	14.1.5
F5 Networks BIG-IQ >=16.1.0，	le	16.1.3
F5 BIG-IP (all modules) >=8.0.0，	le	8.2.0
F5 Networks BIG-IQ >=15.1.0，	le	15.1.6
F5 Networks BIG-IQ >=13.1.0，	le	13.1.5
F5 Networks BIG-IQ	eq	17.0.0