CVE-2022-35728 (GCVE-0-2022-35728)

Vulnerability from cvelistv5 – Published: 2022-08-04 17:49 – Updated: 2024-09-16 16:42
VLAI?
Title
iControl REST vulnerability CVE-2022-35728
Summary
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
f5
References
Impacted products
Vendor Product Version
F5 BIG-IP Affected: 13.1.0 , < 13.1.x* (custom)
Affected: 14.1.x , < 14.1.5.1 (custom)
Affected: 15.1.x , < 15.1.6.1 (custom)
Affected: 16.1.x , < 16.1.3.1 (custom)
Affected: 17.0.x , < 17.0.0.1 (custom)
Create a notification for this product.
    F5 BIG-IQ Centralized Management Affected: 8.0.x , < 8.2.0 (custom)
Affected: 7.0.0 , < 7.x* (custom)
Create a notification for this product.
Credits
F5 acknowledges BELARCHAOUI Youcef of ELIT / El Djazair Information Technology for bringing this issue to our attention and following the highest standards of coordinated disclosure.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:21.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K55580033"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "13.1.x*",
              "status": "affected",
              "version": "13.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.1.5.1",
              "status": "affected",
              "version": "14.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1.6.1",
              "status": "affected",
              "version": "15.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1.3.1",
              "status": "affected",
              "version": "16.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "17.0.0.1",
              "status": "affected",
              "version": "17.0.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "BIG-IQ Centralized Management",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "8.2.0",
              "status": "affected",
              "version": "8.0.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.x*",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "F5 acknowledges BELARCHAOUI Youcef of ELIT / El Djazair Information Technology for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2022-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user\u0027s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T17:49:50",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/csp/article/K55580033"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "iControl REST vulnerability CVE-2022-35728",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "DATE_PUBLIC": "2022-08-03T14:00:00.000Z",
          "ID": "CVE-2022-35728",
          "STATE": "PUBLIC",
          "TITLE": "iControl REST vulnerability CVE-2022-35728"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "13.1.x",
                            "version_value": "13.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.1.x",
                            "version_value": "14.1.5.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1.x",
                            "version_value": "15.1.6.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1.x",
                            "version_value": "16.1.3.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.0.x",
                            "version_value": "17.0.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "BIG-IQ Centralized Management",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.0.x",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "7.x",
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "F5"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "F5 acknowledges BELARCHAOUI Youcef of ELIT / El Djazair Information Technology for bringing this issue to our attention and following the highest standards of coordinated disclosure."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user\u0027s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613 Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K55580033",
              "refsource": "MISC",
              "url": "https://support.f5.com/csp/article/K55580033"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2022-35728",
    "datePublished": "2022-08-04T17:49:50.388667Z",
    "dateReserved": "2022-07-19T00:00:00",
    "dateUpdated": "2024-09-16T16:42:29.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-35728\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2022-08-04T18:15:10.887\",\"lastModified\":\"2024-11-21T07:11:33.717\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user\u0027s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1, y todas las versiones de 13.1.x, y la versi\u00f3n 8.x de BIG-IQ anteriores a 8.2.0 y todas las versiones de 7.x, el token REST de iControl de un usuario autenticado puede seguir siendo v\u00e1lido durante un tiempo limitado despu\u00e9s de cerrar la sesi\u00f3n de la utilidad de Configuraci\u00f3n. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no son evaluadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D93F04AD-DF14-48AB-9F13-8B2E491CF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"E94575F8-271B-4C99-BD91-5E860E389E16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"160570FB-7707-4362-90B0-F8C8FE8BA38B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"AE0DB896-63DC-4622-A4DA-5B77A919EDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD637AF5-F7D1-428F-955E-16756B7476E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"6603ED6A-3366-4572-AFCD-B3D4B1EC7606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"48172A3E-435E-4E60-9775-F6C465107E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"1FADD47D-1A4C-430F-B7C7-763F72893824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"EE0CE38A-7167-4DE4-BB9D-CD6DF81FE0F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8332960-4AAE-4101-8FFF-2D07B6479BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"9167FEC1-2C37-4946-9657-B4E69301FB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"02C65A16-56CA-4B67-9687-3E154E0C3CB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"2728406D-E27A-4434-BC3B-4D844F0E7BA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"1BC32350-1D2B-4284-941B-8B98305C45F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA0A9081-15D2-44F7-B66E-5C594F7C8066\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"7EC2324D-EC8B-41DF-88A7-819E53AAD0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"F7E87FB8-85D9-4011-9F34-5A01E8850EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"5E7BD4CE-189E-4CA9-BE66-14A9CED7B63B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"83ACDEF1-CF4F-41BF-B256-EA7198BB9208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDEBE106-40F1-439C-8154-187D89988C3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"922AA845-530A-4B4B-9976-4CBC30C8A324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"E4FFADE1-6D10-412B-84F2-AD6895EF8196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"1E51349F-E198-4643-A10D-6C1D35E10F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"179FECCD-2795-4194-BED0-18CFEF792E9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AB53DF-7335-462E-B8CD-44DF0DCE3826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"08B25AAB-A98C-4F89-9131-29E3A8C0ED23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"BAE2D795-D387-46A5-ACD3-2D1B4AE2C2BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"FDC0EE80-B537-4061-8D25-7BEE1A8191DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"37684CEC-10C0-4B3C-B8F1-BBAAF3C08B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC4E36FE-C4C7-4C00-A65A-41F50FCE017D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"79D9E57A-C39A-438E-AE73-66B8D966ABBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"2E49DAA0-9716-4D3A-87D4-CE55E6480CE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"58B1F7D1-80E2-4C5E-967C-C48244BA7B43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0954BD-CC9C-448F-A9C1-3FB71AB27D6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E6018B01-048C-43BB-A78D-66910ED60CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"14817A84-8837-47A1-8EC0-89BFE2B7FFCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"C92185E0-F49B-41E2-815C-93C5643C2CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"4FE45D7A-BBB1-41AB-B980-B0BE9A3B5E83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04EE3A2-A09D-41C3-A5F2-DAC007041B14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D9EC2237-117F-43BD-ADEC-516CF72E04EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"E3096F08-8022-408C-8B9D-E5C66C90F3FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"EC49DC01-B0B5-41DF-8B8B-CCE0AED8748C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"6A57376D-044D-46E4-9702-ECEF1F8A6380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7B147BB-1B2E-4F40-9FA7-1165B8F0B60D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"0360F76D-E75E-4B05-A294-B47012323ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"81F01E35-9B1F-4779-A807-1799ACBDE603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"D0E7A929-53FF-482D-9935-E3B2E6C9D174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"330DF580-A2F8-43A9-A73A-18DAE744352A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73FB842B-33B1-4AD4-AC61-47192A87A785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8257AA59-C14D-4EC1-B22C-DFBB92CBC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.5.1\",\"matchCriteriaId\":\"9294B662-A67D-41FB-88E7-5AF1998B31BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"4DCF4D67-ECC3-4808-AF91-CA2BE17E5E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"EA2E069B-1FD5-48BE-9468-9C70C2BC30C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"509A4307-3EC4-4AE7-AF72-3C2B3CF9E754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B589C35-55F2-4D40-B5A6-8267EE20D627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA0B396A-B5CE-4337-A33A-EF58C4589CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"756F8EDF-6F87-4C6D-B2DB-ED97F799C27F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99D94840-8F62-4232-89F0-A83313AD418A\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K55580033\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K55580033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.