7.2
CVE-2022-28695
- EPSS 0.44%
- Published 05.05.2022 17:15:14
- Last modified 21.11.2024 06:57:45
- Source f5sirt@f5.com
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Advanced Firewall Manager Version 13.1.0
F5 ≫ Big-ip Advanced Firewall Manager Version 13.1.1
F5 ≫ Big-ip Advanced Firewall Manager Version 13.1.3
F5 ≫ Big-ip Advanced Firewall Manager Version 13.1.4
F5 ≫ Big-ip Advanced Firewall Manager Version 13.1.5
F5 ≫ Big-ip Advanced Firewall Manager Version 14.1.0
F5 ≫ Big-ip Advanced Firewall Manager Version 14.1.2
F5 ≫ Big-ip Advanced Firewall Manager Version 14.1.3
F5 ≫ Big-ip Advanced Firewall Manager Version 14.1.4
F5 ≫ Big-ip Advanced Firewall Manager Version 15.1.0
F5 ≫ Big-ip Advanced Firewall Manager Version 15.1.1
F5 ≫ Big-ip Advanced Firewall Manager Version 15.1.2
F5 ≫ Big-ip Advanced Firewall Manager Version 15.1.3
F5 ≫ Big-ip Advanced Firewall Manager Version 15.1.4
F5 ≫ Big-ip Advanced Firewall Manager Version 15.1.5
F5 ≫ Big-ip Advanced Firewall Manager Version 16.1.0
F5 ≫ Big-ip Advanced Firewall Manager Version 16.1.1
F5 ≫ Big-ip Advanced Firewall Manager Version 16.1.2
F5 ≫ Big-ip Advanced Firewall Manager Version 17.0.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.44% | 0.623 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
f5sirt@f5.com | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.