F5F5:K97843387K97843387 : Overview of F5 vulnerabilities (November 2022)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.422 Medium
EPSS
Percentile
97.0%
Security Advisory Description
On November 16, 2022, F5 announced the following issues. This document is intended to serve as an overview of these issues to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles.
Distributed Cloud and Managed Services
| Service | Status |
|---|---|
| F5 Distributed Cloud Services | Does not affect or has been resolved |
| Silverline | Does not affect or has been resolved |
| Threat Stack | Does not affect or has been resolved |
- High CVEs
- Improvements
High CVEs
| Article (CVE) | CVSS score | Affected products | Affected versions1 | Fixes introduced in |
|---|---|---|---|---|
| K94221585: iControl SOAP vulnerability CVE-2022-41622 | 8.8 | BIG-IP (all modules) | 17.0.0 | |
| 16.1.0 - 16.1.3 | ||||
| 15.1.0 - 15.1.8 | ||||
| 14.1.0 - 14.1.5 | ||||
| 13.1.0 - 13.1.5 | 17.0.0.2 | |||
| 16.1.3.3 | ||||
| 15.1.8.1 | ||||
| 14.1.5.3 | ||||
| BIG-IQ Centralized Management | 8.0.0 - 8.2.0 | |||
| 7.1.0 | None | |||
| K13325942: Appliance mode iControl REST vulnerability CVE-2022-41800 | 8.7 - Appliance mode only | BIG-IP (all modules) | 17.0.0 | |
| 16.1.0 - 16.1.3 | ||||
| 15.1.0 - 15.1.8 | ||||
| 14.1.0 - 14.1.5 | ||||
| 13.1.0 - 13.1.5 | 17.1.0 | |||
| 17.0.0.2 | ||||
| 16.1.3.3 | ||||
| 15.1.8.1 | ||||
| 14.1.5.3 |
1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.
Improvements
| Article (Improvements) | Affected products | Affected versions1 | Fixes introduced in |
|---|---|---|---|
| K05403841: BIG-IP and BIG-IQ improvements disclosed by Rapid7 | BIG-IP (all modules) | 17.0.0 | |
| 16.1.0 - 16.1.3 | |||
| 15.1.0 - 15.1.8 | |||
| 14.1.0 - 14.1.5 | |||
| 13.1.0 - 13.1.5 | None | ||
| BIG-IQ Centralized Management | 8.0.0 - 8.2.0 | ||
| 7.1.0 | None |
1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.422 Medium
EPSS
Percentile
97.0%