Lucene search
F5CVELIST:CVE-2022-41833HistoryOct 19, 2022 - 12:00 a.m.
CVE-2022-41833 BIG-IP iRule vulnerability CVE-2022-41833
2022-10-1900:00:00
CWE-400
f5
www.cve.org
1
big-ip
irule
vulnerability
13.1.x
http::collect
tmm
terminate
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
CNA Affected
[
{
"vendor": "F5",
"product": "BIG-IP",
"versions": [
{
"version": "17.0.0",
"status": "unaffected",
"lessThan": "17.0.x*",
"versionType": "custom"
},
{
"version": "16.1.x",
"status": "unaffected",
"lessThanOrEqual": "16.1.0",
"versionType": "custom"
},
{
"version": "15.1.0",
"status": "unaffected",
"lessThan": "15.1.x*",
"versionType": "custom"
},
{
"version": "14.1.0",
"status": "unaffected",
"lessThan": "14.1.x*",
"versionType": "custom"
},
{
"version": "13.1.0",
"status": "affected",
"lessThan": "13.1.x*",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Command injection
2022-10-19 22:15:00
nvd
nvd
CVE-2022-41833
2022-10-19 22:15:13
nessus
nessus
F5 Networks BIG-IP : BIG-IP iRules vulnerability (K69940053)
2023-06-14 00:00:00
cve
cve
CVE-2022-41833
2022-10-19 22:15:13
f5
f5
K30425568 : Overview of F5 vulnerabilities (October 2022)
2022-10-19 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
Related for CVELIST:CVE-2022-41833