4.9

CVE-2022-26835

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Access Policy Manager Version11.6.1
F5Big-ip Access Policy Manager Version11.6.2
F5Big-ip Access Policy Manager Version11.6.3
F5Big-ip Access Policy Manager Version11.6.4
F5Big-ip Access Policy Manager Version11.6.5
F5Big-ip Access Policy Manager Version12.1.0
F5Big-ip Access Policy Manager Version12.1.1
F5Big-ip Access Policy Manager Version12.1.2
F5Big-ip Access Policy Manager Version12.1.3
F5Big-ip Access Policy Manager Version12.1.4
F5Big-ip Access Policy Manager Version12.1.5
F5Big-ip Access Policy Manager Version12.1.6
F5Big-ip Access Policy Manager Version13.1.0
F5Big-ip Access Policy Manager Version13.1.1
F5Big-ip Access Policy Manager Version13.1.3
F5Big-ip Access Policy Manager Version13.1.4
F5Big-ip Access Policy Manager Version13.1.5
F5Big-ip Access Policy Manager Version14.1.0
F5Big-ip Access Policy Manager Version14.1.2
F5Big-ip Access Policy Manager Version14.1.3
F5Big-ip Access Policy Manager Version14.1.4
F5Big-ip Access Policy Manager Version15.1.0
F5Big-ip Access Policy Manager Version15.1.1
F5Big-ip Access Policy Manager Version15.1.2
F5Big-ip Access Policy Manager Version15.1.3
F5Big-ip Access Policy Manager Version15.1.4
F5Big-ip Access Policy Manager Version15.1.5
F5Big-ip Access Policy Manager Version16.1.0
F5Big-ip Access Policy Manager Version16.1.1
F5Big-ip Access Policy Manager Version16.1.2
F5Big-ip Access Policy Manager Version17.0.0
F5Big-ip Analytics Version11.6.1
F5Big-ip Analytics Version11.6.2
F5Big-ip Analytics Version11.6.3
F5Big-ip Analytics Version11.6.4
F5Big-ip Analytics Version11.6.5
F5Big-ip Analytics Version12.1.0
F5Big-ip Analytics Version12.1.1
F5Big-ip Analytics Version12.1.2
F5Big-ip Analytics Version12.1.3
F5Big-ip Analytics Version12.1.4
F5Big-ip Analytics Version12.1.5
F5Big-ip Analytics Version12.1.6
F5Big-ip Analytics Version13.1.0
F5Big-ip Analytics Version13.1.1
F5Big-ip Analytics Version13.1.3
F5Big-ip Analytics Version13.1.4
F5Big-ip Analytics Version13.1.5
F5Big-ip Analytics Version14.1.0
F5Big-ip Analytics Version14.1.2
F5Big-ip Analytics Version14.1.3
F5Big-ip Analytics Version14.1.4
F5Big-ip Analytics Version15.1.0
F5Big-ip Analytics Version15.1.1
F5Big-ip Analytics Version15.1.2
F5Big-ip Analytics Version15.1.3
F5Big-ip Analytics Version15.1.4
F5Big-ip Analytics Version15.1.5
F5Big-ip Analytics Version16.1.0
F5Big-ip Analytics Version16.1.1
F5Big-ip Analytics Version16.1.2
F5Big-ip Analytics Version17.0.0
F5Big-ip Domain Name System Version11.6.1
F5Big-ip Domain Name System Version11.6.2
F5Big-ip Domain Name System Version11.6.3
F5Big-ip Domain Name System Version11.6.4
F5Big-ip Domain Name System Version11.6.5
F5Big-ip Domain Name System Version12.1.0
F5Big-ip Domain Name System Version12.1.1
F5Big-ip Domain Name System Version12.1.2
F5Big-ip Domain Name System Version12.1.3
F5Big-ip Domain Name System Version12.1.4
F5Big-ip Domain Name System Version12.1.5
F5Big-ip Domain Name System Version12.1.6
F5Big-ip Domain Name System Version13.1.0
F5Big-ip Domain Name System Version13.1.1
F5Big-ip Domain Name System Version13.1.3
F5Big-ip Domain Name System Version13.1.4
F5Big-ip Domain Name System Version13.1.5
F5Big-ip Domain Name System Version14.1.0
F5Big-ip Domain Name System Version14.1.2
F5Big-ip Domain Name System Version14.1.3
F5Big-ip Domain Name System Version14.1.4
F5Big-ip Domain Name System Version15.1.0
F5Big-ip Domain Name System Version15.1.1
F5Big-ip Domain Name System Version15.1.2
F5Big-ip Domain Name System Version15.1.3
F5Big-ip Domain Name System Version15.1.4
F5Big-ip Domain Name System Version15.1.5
F5Big-ip Domain Name System Version16.1.0
F5Big-ip Domain Name System Version16.1.1
F5Big-ip Domain Name System Version16.1.2
F5Big-ip Domain Name System Version17.0.0
F5Big-ip Global Traffic Manager Version11.6.1
F5Big-ip Global Traffic Manager Version11.6.2
F5Big-ip Global Traffic Manager Version11.6.3
F5Big-ip Global Traffic Manager Version11.6.4
F5Big-ip Global Traffic Manager Version11.6.5
F5Big-ip Global Traffic Manager Version12.1.0
F5Big-ip Global Traffic Manager Version12.1.1
F5Big-ip Global Traffic Manager Version12.1.2
F5Big-ip Global Traffic Manager Version12.1.3
F5Big-ip Global Traffic Manager Version12.1.4
F5Big-ip Global Traffic Manager Version12.1.5
F5Big-ip Global Traffic Manager Version12.1.6
F5Big-ip Global Traffic Manager Version13.1.0
F5Big-ip Global Traffic Manager Version13.1.1
F5Big-ip Global Traffic Manager Version13.1.3
F5Big-ip Global Traffic Manager Version13.1.4
F5Big-ip Global Traffic Manager Version13.1.5
F5Big-ip Global Traffic Manager Version14.1.0
F5Big-ip Global Traffic Manager Version14.1.2
F5Big-ip Global Traffic Manager Version14.1.3
F5Big-ip Global Traffic Manager Version14.1.4
F5Big-ip Global Traffic Manager Version15.1.0
F5Big-ip Global Traffic Manager Version15.1.1
F5Big-ip Global Traffic Manager Version15.1.2
F5Big-ip Global Traffic Manager Version15.1.3
F5Big-ip Global Traffic Manager Version15.1.4
F5Big-ip Global Traffic Manager Version15.1.5
F5Big-ip Global Traffic Manager Version16.1.0
F5Big-ip Global Traffic Manager Version16.1.1
F5Big-ip Global Traffic Manager Version16.1.2
F5Big-ip Global Traffic Manager Version17.0.0
F5Big-ip Link Controller Version11.6.1
F5Big-ip Link Controller Version11.6.2
F5Big-ip Link Controller Version11.6.3
F5Big-ip Link Controller Version11.6.4
F5Big-ip Link Controller Version11.6.5
F5Big-ip Link Controller Version12.1.0
F5Big-ip Link Controller Version12.1.1
F5Big-ip Link Controller Version12.1.2
F5Big-ip Link Controller Version12.1.3
F5Big-ip Link Controller Version12.1.4
F5Big-ip Link Controller Version12.1.5
F5Big-ip Link Controller Version12.1.6
F5Big-ip Link Controller Version13.1.0
F5Big-ip Link Controller Version13.1.1
F5Big-ip Link Controller Version13.1.3
F5Big-ip Link Controller Version13.1.4
F5Big-ip Link Controller Version13.1.5
F5Big-ip Link Controller Version14.1.0
F5Big-ip Link Controller Version14.1.2
F5Big-ip Link Controller Version14.1.3
F5Big-ip Link Controller Version14.1.4
F5Big-ip Link Controller Version15.1.0
F5Big-ip Link Controller Version15.1.1
F5Big-ip Link Controller Version15.1.2
F5Big-ip Link Controller Version15.1.3
F5Big-ip Link Controller Version15.1.4
F5Big-ip Link Controller Version15.1.5
F5Big-ip Link Controller Version16.1.0
F5Big-ip Link Controller Version16.1.1
F5Big-ip Link Controller Version16.1.2
F5Big-ip Link Controller Version17.0.0
F5Big-ip Local Traffic Manager Version11.6.1
F5Big-ip Local Traffic Manager Version11.6.2
F5Big-ip Local Traffic Manager Version11.6.3
F5Big-ip Local Traffic Manager Version11.6.4
F5Big-ip Local Traffic Manager Version11.6.5
F5Big-ip Local Traffic Manager Version12.1.0
F5Big-ip Local Traffic Manager Version12.1.1
F5Big-ip Local Traffic Manager Version12.1.2
F5Big-ip Local Traffic Manager Version12.1.3
F5Big-ip Local Traffic Manager Version12.1.4
F5Big-ip Local Traffic Manager Version12.1.5
F5Big-ip Local Traffic Manager Version12.1.6
F5Big-ip Local Traffic Manager Version13.1.0
F5Big-ip Local Traffic Manager Version13.1.1
F5Big-ip Local Traffic Manager Version13.1.3
F5Big-ip Local Traffic Manager Version13.1.4
F5Big-ip Local Traffic Manager Version13.1.5
F5Big-ip Local Traffic Manager Version14.1.0
F5Big-ip Local Traffic Manager Version14.1.2
F5Big-ip Local Traffic Manager Version14.1.3
F5Big-ip Local Traffic Manager Version14.1.4
F5Big-ip Local Traffic Manager Version15.1.0
F5Big-ip Local Traffic Manager Version15.1.1
F5Big-ip Local Traffic Manager Version15.1.2
F5Big-ip Local Traffic Manager Version15.1.3
F5Big-ip Local Traffic Manager Version15.1.4
F5Big-ip Local Traffic Manager Version15.1.5
F5Big-ip Local Traffic Manager Version16.1.0
F5Big-ip Local Traffic Manager Version16.1.1
F5Big-ip Local Traffic Manager Version16.1.2
F5Big-ip Local Traffic Manager Version17.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.51% 0.652
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
f5sirt@f5.com 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.