Lucene search

[email protected]CVE-2022-35728

HistoryAug 04, 2022 - 6:15 p.m.

CVE-2022-35728

2022-08-0418:15:10

CWE-613

[email protected]

web.nvd.nist.gov

big-ip

big-iq

vulnerability

cve-2022-35728

security issue

authentication

icontrol rest

token

software version

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5.1

f5big-ip_access_policy_managerRange15.1.0–15.1.6.1

f5big-ip_access_policy_managerRange16.1.0–16.1.3.1

f5big-ip_access_policy_managerMatch17.0.0

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.1

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.6.1

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.1

f5big-ip_advanced_firewall_managerMatch17.0.0

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5.1

f5big-ip_analyticsRange15.1.0–15.1.6.1

f5big-ip_analyticsRange16.1.0–16.1.3.1

f5big-ip_analyticsMatch17.0.0

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5.1

f5big-ip_application_acceleration_managerRange15.1.0–15.1.6.1

f5big-ip_application_acceleration_managerRange16.1.0–16.1.3.1

f5big-ip_application_acceleration_managerMatch17.0.0

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5.1

f5big-ip_application_security_managerRange15.1.0–15.1.6.1

f5big-ip_application_security_managerRange16.1.0–16.1.3.1

f5big-ip_application_security_managerMatch17.0.0

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5.1

f5big-ip_domain_name_systemRange15.1.0–15.1.6.1

f5big-ip_domain_name_systemRange16.1.0–16.1.3.1

f5big-ip_domain_name_systemMatch17.0.0

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.1

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.6.1

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.1

f5big-ip_fraud_protection_serviceMatch17.0.0

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5.1

f5big-ip_global_traffic_managerRange15.1.0–15.1.6.1

f5big-ip_global_traffic_managerRange16.1.0–16.1.3.1

f5big-ip_global_traffic_managerMatch17.0.0

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5.1

f5big-ip_link_controllerRange15.1.0–15.1.6.1

f5big-ip_link_controllerRange16.1.0–16.1.3.1

f5big-ip_link_controllerMatch17.0.0

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5.1

f5big-ip_local_traffic_managerRange15.1.0–15.1.6.1

f5big-ip_local_traffic_managerRange16.1.0–16.1.3.1

f5big-ip_local_traffic_managerMatch17.0.0

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.1

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.6.1

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.1

f5big-ip_policy_enforcement_managerMatch17.0.0

f5big-iq_centralized_managementMatch7.0.0

f5big-iq_centralized_managementMatch7.1.0

f5big-iq_centralized_managementMatch8.0.0

f5big-iq_centralized_managementMatch8.1.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managerle13.1.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt14.1.5.1
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt15.1.6.1
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt16.1.3.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq17.0.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle13.1.5
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt14.1.5.1
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt15.1.6.1
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt16.1.3.1
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq17.0.0

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	13.1.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	14.1.5.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	15.1.6.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	16.1.3.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	17.0.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	13.1.5
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	14.1.5.1
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	15.1.6.1
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	16.1.3.1
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	17.0.0

Rows per page:

1-10 of 591

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "13.1.x*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "14.1.5.1",
        "status": "affected",
        "version": "14.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1.6.1",
        "status": "affected",
        "version": "15.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1.3.1",
        "status": "affected",
        "version": "16.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "17.0.0.1",
        "status": "affected",
        "version": "17.0.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "BIG-IQ Centralized Management",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "8.2.0",
        "status": "affected",
        "version": "8.0.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.x*",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "custom"
      }
    ]
  }
]