Lucene search
F5CVELIST:CVE-2022-41836HistoryOct 19, 2022 - 9:25 p.m.
CVE-2022-41836 BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836
2022-10-1921:25:43
CWE-20
f5
www.cve.org
2
cve-2022-41836
big-ip advanced waf
asm
security policy
virtual server
bd process termination
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
38.4%
When an ‘Attack Signature False Positive Mode’ enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
CNA Affected
[
{
"vendor": "F5",
"product": "BIG-IP Advanced WAF & ASM",
"versions": [
{
"version": "17.0.x",
"status": "affected",
"lessThan": "17.0.0.1",
"versionType": "custom"
},
{
"version": "16.1.x",
"status": "affected",
"lessThan": "16.1.3.1",
"versionType": "custom"
},
{
"version": "15.1.x",
"status": "affected",
"lessThan": "15.1.7",
"versionType": "custom"
},
{
"version": "14.1.0",
"status": "unaffected",
"lessThan": "14.1.x*",
"versionType": "custom"
},
{
"version": "13.1.0",
"status": "unaffected",
"lessThan": "13.1.x*",
"versionType": "custom"
}
]
}
]References
Related
f5
f5
K47204506 : BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836
2022-10-19 00:00:00
K30425568 : Overview of F5 vulnerabilities (October 2022)
2022-10-19 00:00:00
prion
prion
Code injection
2022-10-19 22:15:00
cve
cve
CVE-2022-41836
2022-10-19 22:15:13
nvd
nvd
CVE-2022-41836
2022-10-19 22:15:13
nessus
nessus
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
38.4%
Related for CVELIST:CVE-2022-41836