CVE-2022-27634

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-05-2022 07:15

Last modified: - 13-05-2022 06:03

Total changes: - 2

Description

On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

7.2

Base score

1.2

5.9

Exploitability score

Impact score

Verification logic

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=16.1.0 AND versionEndExcluding=16.1.2.2

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.5.1

Reference

https://support.f5.com/csp/article/K57555833

Keywords

CVE-2022-27634

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-27634

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures