Vulnerability Monitor

CVE-2022-27806


On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.


Published

2022-05-05T17:15:13.620

Last Modified

2024-11-21T06:56:13.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.7 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-77

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | f5 | big-ip_access_policy_manager | 13.1.0 | Yes |
| Application | f5 | big-ip_access_policy_manager | 13.1.1 | Yes |
| Application | f5 | big-ip_access_policy_manager | 13.1.3 | Yes |
| Application | f5 | big-ip_access_policy_manager | 13.1.4 | Yes |
| Application | f5 | big-ip_access_policy_manager | 13.1.5 | Yes |
| Application | f5 | big-ip_access_policy_manager | 14.1.0 | Yes |
| Application | f5 | big-ip_access_policy_manager | 14.1.2 | Yes |
| Application | f5 | big-ip_access_policy_manager | 14.1.3 | Yes |
| Application | f5 | big-ip_access_policy_manager | 14.1.4 | Yes |
| Application | f5 | big-ip_access_policy_manager | 15.1.0 | Yes |
| Application | f5 | big-ip_access_policy_manager | 15.1.1 | Yes |
| Application | f5 | big-ip_access_policy_manager | 15.1.2 | Yes |
| Application | f5 | big-ip_access_policy_manager | 15.1.3 | Yes |
| Application | f5 | big-ip_access_policy_manager | 15.1.4 | Yes |
| Application | f5 | big-ip_access_policy_manager | 15.1.5 | Yes |
| Application | f5 | big-ip_access_policy_manager | 16.1.0 | Yes |
| Application | f5 | big-ip_access_policy_manager | 16.1.1 | Yes |
| Application | f5 | big-ip_access_policy_manager | 16.1.2 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 13.1.0 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 13.1.1 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 13.1.3 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 13.1.4 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 13.1.5 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 14.1.0 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 14.1.2 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 14.1.3 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 14.1.4 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 15.1.0 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 15.1.1 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 15.1.2 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 15.1.3 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 15.1.4 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 15.1.5 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 16.1.0 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 16.1.1 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | 16.1.2 | Yes |
| Application | f5 | big-ip_application_security_manager | 13.1.0 | Yes |
| Application | f5 | big-ip_application_security_manager | 13.1.1 | Yes |
| Application | f5 | big-ip_application_security_manager | 13.1.3 | Yes |
| Application | f5 | big-ip_application_security_manager | 13.1.4 | Yes |
| Application | f5 | big-ip_application_security_manager | 13.1.5 | Yes |
| Application | f5 | big-ip_application_security_manager | 14.1.0 | Yes |
| Application | f5 | big-ip_application_security_manager | 14.1.2 | Yes |
| Application | f5 | big-ip_application_security_manager | 14.1.3 | Yes |
| Application | f5 | big-ip_application_security_manager | 14.1.4 | Yes |
| Application | f5 | big-ip_application_security_manager | 15.1.0 | Yes |
| Application | f5 | big-ip_application_security_manager | 15.1.1 | Yes |
| Application | f5 | big-ip_application_security_manager | 15.1.2 | Yes |
| Application | f5 | big-ip_application_security_manager | 15.1.3 | Yes |
| Application | f5 | big-ip_application_security_manager | 15.1.4 | Yes |
| Application | f5 | big-ip_application_security_manager | 15.1.5 | Yes |
| Application | f5 | big-ip_application_security_manager | 16.1.0 | Yes |
| Application | f5 | big-ip_application_security_manager | 16.1.1 | Yes |
| Application | f5 | big-ip_application_security_manager | 16.1.2 | Yes |
| Application | f5 | big-ip_guided_configuration | < 9.0 | Yes |
