5.9

CVE-2022-28708

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Access Policy Manager Version15.1.0
F5Big-ip Access Policy Manager Version15.1.1
F5Big-ip Access Policy Manager Version15.1.2
F5Big-ip Access Policy Manager Version15.1.3
F5Big-ip Access Policy Manager Version15.1.4
F5Big-ip Access Policy Manager Version15.1.5
F5Big-ip Access Policy Manager Version16.1.0
F5Big-ip Access Policy Manager Version16.1.1
F5Big-ip Access Policy Manager Version16.1.2
F5Big-ip Analytics Version15.1.0
F5Big-ip Analytics Version15.1.1
F5Big-ip Analytics Version15.1.2
F5Big-ip Analytics Version15.1.3
F5Big-ip Analytics Version15.1.4
F5Big-ip Analytics Version15.1.5
F5Big-ip Analytics Version16.1.0
F5Big-ip Analytics Version16.1.1
F5Big-ip Analytics Version16.1.2
F5Big-ip Domain Name System Version15.1.0
F5Big-ip Domain Name System Version15.1.1
F5Big-ip Domain Name System Version15.1.2
F5Big-ip Domain Name System Version15.1.3
F5Big-ip Domain Name System Version15.1.4
F5Big-ip Domain Name System Version15.1.5
F5Big-ip Domain Name System Version16.1.0
F5Big-ip Domain Name System Version16.1.1
F5Big-ip Domain Name System Version16.1.2
F5Big-ip Global Traffic Manager Version15.1.0
F5Big-ip Global Traffic Manager Version15.1.1
F5Big-ip Global Traffic Manager Version15.1.2
F5Big-ip Global Traffic Manager Version15.1.3
F5Big-ip Global Traffic Manager Version15.1.4
F5Big-ip Global Traffic Manager Version15.1.5
F5Big-ip Global Traffic Manager Version16.1.0
F5Big-ip Global Traffic Manager Version16.1.1
F5Big-ip Global Traffic Manager Version16.1.2
F5Big-ip Link Controller Version15.1.0
F5Big-ip Link Controller Version15.1.1
F5Big-ip Link Controller Version15.1.2
F5Big-ip Link Controller Version15.1.3
F5Big-ip Link Controller Version15.1.4
F5Big-ip Link Controller Version15.1.5
F5Big-ip Link Controller Version16.1.0
F5Big-ip Link Controller Version16.1.1
F5Big-ip Link Controller Version16.1.2
F5Big-ip Local Traffic Manager Version15.1.0
F5Big-ip Local Traffic Manager Version15.1.1
F5Big-ip Local Traffic Manager Version15.1.2
F5Big-ip Local Traffic Manager Version15.1.3
F5Big-ip Local Traffic Manager Version15.1.4
F5Big-ip Local Traffic Manager Version15.1.5
F5Big-ip Local Traffic Manager Version16.1.0
F5Big-ip Local Traffic Manager Version16.1.1
F5Big-ip Local Traffic Manager Version16.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.46% 0.632
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
f5sirt@f5.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.