Lucene search

[email protected]CVE-2022-1389

HistoryMay 05, 2022 - 5:15 p.m.

CVE-2022-1389

2022-05-0517:15:10

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-1389

big-ip

csrf

vulnerability

nvd

security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected configurations

NVD

Node

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch11.6.2

f5big-ip_access_policy_managerMatch11.6.3

f5big-ip_access_policy_managerMatch11.6.4

f5big-ip_access_policy_managerMatch11.6.5

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

f5big-ip_access_policy_managerMatch12.1.2

f5big-ip_access_policy_managerMatch12.1.3

f5big-ip_access_policy_managerMatch12.1.4

f5big-ip_access_policy_managerMatch12.1.5

f5big-ip_access_policy_managerMatch12.1.6

f5big-ip_access_policy_managerMatch13.1.0

f5big-ip_access_policy_managerMatch13.1.1

f5big-ip_access_policy_managerMatch13.1.3

f5big-ip_access_policy_managerMatch13.1.4

f5big-ip_access_policy_managerMatch13.1.5

f5big-ip_access_policy_managerMatch14.1.0

f5big-ip_access_policy_managerMatch14.1.2

f5big-ip_access_policy_managerMatch14.1.3

f5big-ip_access_policy_managerMatch14.1.4

f5big-ip_access_policy_managerMatch15.1.0

f5big-ip_access_policy_managerMatch15.1.1

f5big-ip_access_policy_managerMatch15.1.2

f5big-ip_access_policy_managerMatch15.1.3

f5big-ip_access_policy_managerMatch15.1.4

f5big-ip_access_policy_managerMatch15.1.5

f5big-ip_access_policy_managerMatch16.1.0

f5big-ip_access_policy_managerMatch16.1.1

f5big-ip_access_policy_managerMatch16.1.2

f5big-ip_access_policy_managerMatch17.0.0

f5big-ip_advanced_firewall_managerMatch11.6.1

f5big-ip_advanced_firewall_managerMatch11.6.2

f5big-ip_advanced_firewall_managerMatch11.6.3

f5big-ip_advanced_firewall_managerMatch11.6.4

f5big-ip_advanced_firewall_managerMatch11.6.5

f5big-ip_advanced_firewall_managerMatch12.1.0

f5big-ip_advanced_firewall_managerMatch12.1.1

f5big-ip_advanced_firewall_managerMatch12.1.2

f5big-ip_advanced_firewall_managerMatch12.1.3

f5big-ip_advanced_firewall_managerMatch12.1.4

f5big-ip_advanced_firewall_managerMatch12.1.5

f5big-ip_advanced_firewall_managerMatch12.1.6

f5big-ip_advanced_firewall_managerMatch13.1.0

f5big-ip_advanced_firewall_managerMatch13.1.1

f5big-ip_advanced_firewall_managerMatch13.1.3

f5big-ip_advanced_firewall_managerMatch13.1.4

f5big-ip_advanced_firewall_managerMatch13.1.5

f5big-ip_advanced_firewall_managerMatch14.1.0

f5big-ip_advanced_firewall_managerMatch14.1.2

f5big-ip_advanced_firewall_managerMatch14.1.3

f5big-ip_advanced_firewall_managerMatch14.1.4

f5big-ip_advanced_firewall_managerMatch15.1.0

f5big-ip_advanced_firewall_managerMatch15.1.1

f5big-ip_advanced_firewall_managerMatch15.1.2

f5big-ip_advanced_firewall_managerMatch15.1.3

f5big-ip_advanced_firewall_managerMatch15.1.4

f5big-ip_advanced_firewall_managerMatch15.1.5

f5big-ip_advanced_firewall_managerMatch16.1.0

f5big-ip_advanced_firewall_managerMatch16.1.1

f5big-ip_advanced_firewall_managerMatch16.1.2

f5big-ip_advanced_firewall_managerMatch17.0.0

f5big-ip_analyticsMatch11.6.1

f5big-ip_analyticsMatch11.6.2

f5big-ip_analyticsMatch11.6.3

f5big-ip_analyticsMatch11.6.4

f5big-ip_analyticsMatch11.6.5

f5big-ip_analyticsMatch12.1.0

f5big-ip_analyticsMatch12.1.1

f5big-ip_analyticsMatch12.1.2

f5big-ip_analyticsMatch12.1.3

f5big-ip_analyticsMatch12.1.4

f5big-ip_analyticsMatch12.1.5

f5big-ip_analyticsMatch12.1.6

f5big-ip_analyticsMatch13.1.0

f5big-ip_analyticsMatch13.1.1

f5big-ip_analyticsMatch13.1.3

f5big-ip_analyticsMatch13.1.4

f5big-ip_analyticsMatch13.1.5

f5big-ip_analyticsMatch14.1.0

f5big-ip_analyticsMatch14.1.2

f5big-ip_analyticsMatch14.1.3

f5big-ip_analyticsMatch14.1.4

f5big-ip_analyticsMatch15.1.0

f5big-ip_analyticsMatch15.1.1

f5big-ip_analyticsMatch15.1.2

f5big-ip_analyticsMatch15.1.3

f5big-ip_analyticsMatch15.1.4

f5big-ip_analyticsMatch15.1.5

f5big-ip_analyticsMatch16.1.0

f5big-ip_analyticsMatch16.1.1

f5big-ip_analyticsMatch16.1.2

f5big-ip_analyticsMatch17.0.0

f5big-ip_application_acceleration_managerMatch11.6.1

f5big-ip_application_acceleration_managerMatch11.6.2

f5big-ip_application_acceleration_managerMatch11.6.3

f5big-ip_application_acceleration_managerMatch11.6.4

f5big-ip_application_acceleration_managerMatch11.6.5

f5big-ip_application_acceleration_managerMatch12.1.0

f5big-ip_application_acceleration_managerMatch12.1.1

f5big-ip_application_acceleration_managerMatch12.1.2

f5big-ip_application_acceleration_managerMatch12.1.3

f5big-ip_application_acceleration_managerMatch12.1.4

f5big-ip_application_acceleration_managerMatch12.1.5

f5big-ip_application_acceleration_managerMatch12.1.6

f5big-ip_application_acceleration_managerMatch13.1.0

f5big-ip_application_acceleration_managerMatch13.1.1

f5big-ip_application_acceleration_managerMatch13.1.3

f5big-ip_application_acceleration_managerMatch13.1.4

f5big-ip_application_acceleration_managerMatch13.1.5

f5big-ip_application_acceleration_managerMatch14.1.0

f5big-ip_application_acceleration_managerMatch14.1.2

f5big-ip_application_acceleration_managerMatch14.1.3

f5big-ip_application_acceleration_managerMatch14.1.4

f5big-ip_application_acceleration_managerMatch15.1.0

f5big-ip_application_acceleration_managerMatch15.1.1

f5big-ip_application_acceleration_managerMatch15.1.2

f5big-ip_application_acceleration_managerMatch15.1.3

f5big-ip_application_acceleration_managerMatch15.1.4

f5big-ip_application_acceleration_managerMatch15.1.5

f5big-ip_application_acceleration_managerMatch16.1.0

f5big-ip_application_acceleration_managerMatch16.1.1

f5big-ip_application_acceleration_managerMatch16.1.2

f5big-ip_application_acceleration_managerMatch17.0.0

f5big-ip_application_security_managerMatch11.6.1

f5big-ip_application_security_managerMatch11.6.2

f5big-ip_application_security_managerMatch11.6.3

f5big-ip_application_security_managerMatch11.6.4

f5big-ip_application_security_managerMatch11.6.5

f5big-ip_application_security_managerMatch12.1.0

f5big-ip_application_security_managerMatch12.1.1

f5big-ip_application_security_managerMatch12.1.2

f5big-ip_application_security_managerMatch12.1.3

f5big-ip_application_security_managerMatch12.1.4

f5big-ip_application_security_managerMatch12.1.5

f5big-ip_application_security_managerMatch12.1.6

f5big-ip_application_security_managerMatch13.1.0

f5big-ip_application_security_managerMatch13.1.1

f5big-ip_application_security_managerMatch13.1.3

f5big-ip_application_security_managerMatch13.1.4

f5big-ip_application_security_managerMatch13.1.5

f5big-ip_application_security_managerMatch14.1.0

f5big-ip_application_security_managerMatch14.1.2

f5big-ip_application_security_managerMatch14.1.3

f5big-ip_application_security_managerMatch14.1.4

f5big-ip_application_security_managerMatch15.1.0

f5big-ip_application_security_managerMatch15.1.1

f5big-ip_application_security_managerMatch15.1.2

f5big-ip_application_security_managerMatch15.1.3

f5big-ip_application_security_managerMatch15.1.4

f5big-ip_application_security_managerMatch15.1.5

f5big-ip_application_security_managerMatch16.1.0

f5big-ip_application_security_managerMatch16.1.1

f5big-ip_application_security_managerMatch16.1.2

f5big-ip_application_security_managerMatch17.0.0

f5big-ip_domain_name_systemMatch11.6.1

f5big-ip_domain_name_systemMatch11.6.2

f5big-ip_domain_name_systemMatch11.6.3

f5big-ip_domain_name_systemMatch11.6.4

f5big-ip_domain_name_systemMatch11.6.5

f5big-ip_domain_name_systemMatch12.1.0

f5big-ip_domain_name_systemMatch12.1.1

f5big-ip_domain_name_systemMatch12.1.2

f5big-ip_domain_name_systemMatch12.1.3

f5big-ip_domain_name_systemMatch12.1.4

f5big-ip_domain_name_systemMatch12.1.5

f5big-ip_domain_name_systemMatch12.1.6

f5big-ip_domain_name_systemMatch13.1.0

f5big-ip_domain_name_systemMatch13.1.1

f5big-ip_domain_name_systemMatch13.1.3

f5big-ip_domain_name_systemMatch13.1.4

f5big-ip_domain_name_systemMatch13.1.5

f5big-ip_domain_name_systemMatch14.1.0

f5big-ip_domain_name_systemMatch14.1.2

f5big-ip_domain_name_systemMatch14.1.3

f5big-ip_domain_name_systemMatch14.1.4

f5big-ip_domain_name_systemMatch15.1.0

f5big-ip_domain_name_systemMatch15.1.1

f5big-ip_domain_name_systemMatch15.1.2

f5big-ip_domain_name_systemMatch15.1.3

f5big-ip_domain_name_systemMatch15.1.4

f5big-ip_domain_name_systemMatch15.1.5

f5big-ip_domain_name_systemMatch16.1.0

f5big-ip_domain_name_systemMatch16.1.1

f5big-ip_domain_name_systemMatch16.1.2

f5big-ip_domain_name_systemMatch17.0.0

f5big-ip_fraud_protection_serviceMatch11.6.1

f5big-ip_fraud_protection_serviceMatch11.6.2

f5big-ip_fraud_protection_serviceMatch11.6.3

f5big-ip_fraud_protection_serviceMatch11.6.4

f5big-ip_fraud_protection_serviceMatch11.6.5

f5big-ip_fraud_protection_serviceMatch12.1.0

f5big-ip_fraud_protection_serviceMatch12.1.1

f5big-ip_fraud_protection_serviceMatch12.1.2

f5big-ip_fraud_protection_serviceMatch12.1.3

f5big-ip_fraud_protection_serviceMatch12.1.4

f5big-ip_fraud_protection_serviceMatch12.1.5

f5big-ip_fraud_protection_serviceMatch12.1.6

f5big-ip_fraud_protection_serviceMatch13.1.0

f5big-ip_fraud_protection_serviceMatch13.1.1

f5big-ip_fraud_protection_serviceMatch13.1.3

f5big-ip_fraud_protection_serviceMatch13.1.4

f5big-ip_fraud_protection_serviceMatch13.1.5

f5big-ip_fraud_protection_serviceMatch14.1.0

f5big-ip_fraud_protection_serviceMatch14.1.2

f5big-ip_fraud_protection_serviceMatch14.1.3

f5big-ip_fraud_protection_serviceMatch14.1.4

f5big-ip_fraud_protection_serviceMatch15.1.0

f5big-ip_fraud_protection_serviceMatch15.1.1

f5big-ip_fraud_protection_serviceMatch15.1.2

f5big-ip_fraud_protection_serviceMatch15.1.3

f5big-ip_fraud_protection_serviceMatch15.1.4

f5big-ip_fraud_protection_serviceMatch15.1.5

f5big-ip_fraud_protection_serviceMatch16.1.0

f5big-ip_fraud_protection_serviceMatch16.1.1

f5big-ip_fraud_protection_serviceMatch16.1.2

f5big-ip_fraud_protection_serviceMatch17.0.0

f5big-ip_global_traffic_managerMatch11.6.1

f5big-ip_global_traffic_managerMatch11.6.2

f5big-ip_global_traffic_managerMatch11.6.3

f5big-ip_global_traffic_managerMatch11.6.4

f5big-ip_global_traffic_managerMatch11.6.5

f5big-ip_global_traffic_managerMatch12.1.0

f5big-ip_global_traffic_managerMatch12.1.1

f5big-ip_global_traffic_managerMatch12.1.2

f5big-ip_global_traffic_managerMatch12.1.3

f5big-ip_global_traffic_managerMatch12.1.4

f5big-ip_global_traffic_managerMatch12.1.5

f5big-ip_global_traffic_managerMatch12.1.6

f5big-ip_global_traffic_managerMatch13.1.0

f5big-ip_global_traffic_managerMatch13.1.1

f5big-ip_global_traffic_managerMatch13.1.3

f5big-ip_global_traffic_managerMatch13.1.4

f5big-ip_global_traffic_managerMatch13.1.5

f5big-ip_global_traffic_managerMatch14.1.0

f5big-ip_global_traffic_managerMatch14.1.2

f5big-ip_global_traffic_managerMatch14.1.3

f5big-ip_global_traffic_managerMatch14.1.4

f5big-ip_global_traffic_managerMatch15.1.0

f5big-ip_global_traffic_managerMatch15.1.1

f5big-ip_global_traffic_managerMatch15.1.2

f5big-ip_global_traffic_managerMatch15.1.3

f5big-ip_global_traffic_managerMatch15.1.4

f5big-ip_global_traffic_managerMatch15.1.5

f5big-ip_global_traffic_managerMatch16.1.0

f5big-ip_global_traffic_managerMatch16.1.1

f5big-ip_global_traffic_managerMatch16.1.2

f5big-ip_global_traffic_managerMatch17.0.0

f5big-ip_link_controllerMatch11.6.1

f5big-ip_link_controllerMatch11.6.2

f5big-ip_link_controllerMatch11.6.3

f5big-ip_link_controllerMatch11.6.4

f5big-ip_link_controllerMatch11.6.5

f5big-ip_link_controllerMatch12.1.0

f5big-ip_link_controllerMatch12.1.1

f5big-ip_link_controllerMatch12.1.2

f5big-ip_link_controllerMatch12.1.3

f5big-ip_link_controllerMatch12.1.4

f5big-ip_link_controllerMatch12.1.5

f5big-ip_link_controllerMatch12.1.6

f5big-ip_link_controllerMatch13.1.0

f5big-ip_link_controllerMatch13.1.1

f5big-ip_link_controllerMatch13.1.3

f5big-ip_link_controllerMatch13.1.4

f5big-ip_link_controllerMatch13.1.5

f5big-ip_link_controllerMatch14.1.0

f5big-ip_link_controllerMatch14.1.2

f5big-ip_link_controllerMatch14.1.3

f5big-ip_link_controllerMatch14.1.4

f5big-ip_link_controllerMatch15.1.0

f5big-ip_link_controllerMatch15.1.1

f5big-ip_link_controllerMatch15.1.2

f5big-ip_link_controllerMatch15.1.3

f5big-ip_link_controllerMatch15.1.4

f5big-ip_link_controllerMatch15.1.5

f5big-ip_link_controllerMatch16.1.0

f5big-ip_link_controllerMatch16.1.1

f5big-ip_link_controllerMatch16.1.2

f5big-ip_link_controllerMatch17.0.0

f5big-ip_local_traffic_managerMatch11.6.1

f5big-ip_local_traffic_managerMatch11.6.2

f5big-ip_local_traffic_managerMatch11.6.3

f5big-ip_local_traffic_managerMatch11.6.4

f5big-ip_local_traffic_managerMatch11.6.5

f5big-ip_local_traffic_managerMatch12.1.0

f5big-ip_local_traffic_managerMatch12.1.1

f5big-ip_local_traffic_managerMatch12.1.2

f5big-ip_local_traffic_managerMatch12.1.3

f5big-ip_local_traffic_managerMatch12.1.4

f5big-ip_local_traffic_managerMatch12.1.5

f5big-ip_local_traffic_managerMatch12.1.6

f5big-ip_local_traffic_managerMatch13.1.0

f5big-ip_local_traffic_managerMatch13.1.1

f5big-ip_local_traffic_managerMatch13.1.3

f5big-ip_local_traffic_managerMatch13.1.4

f5big-ip_local_traffic_managerMatch13.1.5

f5big-ip_local_traffic_managerMatch14.1.0

f5big-ip_local_traffic_managerMatch14.1.2

f5big-ip_local_traffic_managerMatch14.1.3

f5big-ip_local_traffic_managerMatch14.1.4

f5big-ip_local_traffic_managerMatch15.1.0

f5big-ip_local_traffic_managerMatch15.1.1

f5big-ip_local_traffic_managerMatch15.1.2

f5big-ip_local_traffic_managerMatch15.1.3

f5big-ip_local_traffic_managerMatch15.1.4

f5big-ip_local_traffic_managerMatch15.1.5

f5big-ip_local_traffic_managerMatch16.1.0

f5big-ip_local_traffic_managerMatch16.1.1

f5big-ip_local_traffic_managerMatch16.1.2

f5big-ip_local_traffic_managerMatch17.0.0

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch11.6.2

f5big-ip_policy_enforcement_managerMatch11.6.3

f5big-ip_policy_enforcement_managerMatch11.6.4

f5big-ip_policy_enforcement_managerMatch11.6.5

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

f5big-ip_policy_enforcement_managerMatch12.1.2

f5big-ip_policy_enforcement_managerMatch12.1.3

f5big-ip_policy_enforcement_managerMatch12.1.4

f5big-ip_policy_enforcement_managerMatch12.1.5

f5big-ip_policy_enforcement_managerMatch12.1.6

f5big-ip_policy_enforcement_managerMatch13.1.0

f5big-ip_policy_enforcement_managerMatch13.1.1

f5big-ip_policy_enforcement_managerMatch13.1.3

f5big-ip_policy_enforcement_managerMatch13.1.4

f5big-ip_policy_enforcement_managerMatch13.1.5

f5big-ip_policy_enforcement_managerMatch14.1.0

f5big-ip_policy_enforcement_managerMatch14.1.2

f5big-ip_policy_enforcement_managerMatch14.1.3

f5big-ip_policy_enforcement_managerMatch14.1.4

f5big-ip_policy_enforcement_managerMatch15.1.0

f5big-ip_policy_enforcement_managerMatch15.1.1

f5big-ip_policy_enforcement_managerMatch15.1.2

f5big-ip_policy_enforcement_managerMatch15.1.3

f5big-ip_policy_enforcement_managerMatch15.1.4

f5big-ip_policy_enforcement_managerMatch15.1.5

f5big-ip_policy_enforcement_managerMatch16.1.0

f5big-ip_policy_enforcement_managerMatch16.1.1

f5big-ip_policy_enforcement_managerMatch16.1.2

f5big-ip_policy_enforcement_managerMatch17.0.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.3
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.4
f5:big-ip_access_policy_managerf5 big-ip access policy managereq11.6.5
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.3
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.4

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.4
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	11.6.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.4

Rows per page:

1-10 of 3411

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "status": "affected",
        "version": "16.1.x"
      },
      {
        "status": "affected",
        "version": "15.1.x"
      },
      {
        "status": "affected",
        "version": "14.1.x"
      },
      {
        "status": "affected",
        "version": "13.1.x"
      },
      {
        "status": "affected",
        "version": "12.1.x"
      },
      {
        "status": "affected",
        "version": "11.6.x"
      },
      {
        "lessThan": "17.0.x*",
        "status": "unaffected",
        "version": "17.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.f5.com/csp/article/K49905324

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2022-1389

nessus1 cvelist1 nvd1 f52 prion1