Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41770

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.

Published

2022-10-19T22:15:12.900

Last Modified

2024-11-21T07:23:48.790

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-400
  • Type: Primary
    CWE-400
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_access_policy_manager ≤ 13.1.5 Yes
Application f5 big-ip_access_policy_manager < 14.1.5.1 Yes
Application f5 big-ip_access_policy_manager < 15.1.7 Yes
Application f5 big-ip_access_policy_manager < 16.1.3.1 Yes
Application f5 big-ip_access_policy_manager < 17.0.0.1 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 13.1.5 Yes
Application f5 big-ip_advanced_firewall_manager < 14.1.5.1 Yes
Application f5 big-ip_advanced_firewall_manager < 15.1.7 Yes
Application f5 big-ip_advanced_firewall_manager < 16.1.3.1 Yes
Application f5 big-ip_advanced_firewall_manager < 17.0.0.1 Yes
Application f5 big-ip_analytics ≤ 13.1.5 Yes
Application f5 big-ip_analytics < 14.1.5.1 Yes
Application f5 big-ip_analytics < 15.1.7 Yes
Application f5 big-ip_analytics < 16.1.3.1 Yes
Application f5 big-ip_analytics < 17.0.0.1 Yes
Application f5 big-ip_application_acceleration_manager ≤ 13.1.5 Yes
Application f5 big-ip_application_acceleration_manager < 14.1.5.1 Yes
Application f5 big-ip_application_acceleration_manager < 15.1.7 Yes
Application f5 big-ip_application_acceleration_manager < 16.1.3.1 Yes
Application f5 big-ip_application_acceleration_manager < 17.0.0.1 Yes
Application f5 big-ip_application_security_manager ≤ 13.1.5 Yes
Application f5 big-ip_application_security_manager < 14.1.5.1 Yes
Application f5 big-ip_application_security_manager < 15.1.7 Yes
Application f5 big-ip_application_security_manager < 16.1.3.1 Yes
Application f5 big-ip_application_security_manager < 17.0.0.1 Yes
Application f5 big-ip_domain_name_system ≤ 13.1.5 Yes
Application f5 big-ip_domain_name_system < 14.1.5.1 Yes
Application f5 big-ip_domain_name_system < 15.1.7 Yes
Application f5 big-ip_domain_name_system < 16.1.3.1 Yes
Application f5 big-ip_domain_name_system < 17.0.0.1 Yes
Application f5 big-ip_fraud_protection_service ≤ 13.1.5 Yes
Application f5 big-ip_fraud_protection_service < 14.1.5.1 Yes
Application f5 big-ip_fraud_protection_service < 15.1.7 Yes
Application f5 big-ip_fraud_protection_service < 16.1.3.1 Yes
Application f5 big-ip_fraud_protection_service < 17.0.0.1 Yes
Application f5 big-ip_global_traffic_manager ≤ 13.1.5 Yes
Application f5 big-ip_global_traffic_manager < 14.1.5.1 Yes
Application f5 big-ip_global_traffic_manager < 15.1.7 Yes
Application f5 big-ip_global_traffic_manager < 16.1.3.1 Yes
Application f5 big-ip_global_traffic_manager < 17.0.0.1 Yes
Application f5 big-ip_link_controller ≤ 13.1.5 Yes
Application f5 big-ip_link_controller < 14.1.5.1 Yes
Application f5 big-ip_link_controller < 15.1.7 Yes
Application f5 big-ip_link_controller < 16.1.3.1 Yes
Application f5 big-ip_link_controller < 17.0.0.1 Yes
Application f5 big-ip_local_traffic_manager ≤ 13.1.5 Yes
Application f5 big-ip_local_traffic_manager < 14.1.5.1 Yes
Application f5 big-ip_local_traffic_manager < 15.1.7 Yes
Application f5 big-ip_local_traffic_manager < 16.1.3.1 Yes
Application f5 big-ip_local_traffic_manager < 17.0.0.1 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 13.1.5 Yes
Application f5 big-ip_policy_enforcement_manager < 14.1.5.1 Yes
Application f5 big-ip_policy_enforcement_manager < 15.1.7 Yes
Application f5 big-ip_policy_enforcement_manager < 16.1.3.1 Yes
Application f5 big-ip_policy_enforcement_manager < 17.0.0.1 Yes
Application f5 big-iq_centralized_management ≤ 8.2.0 Yes
Application f5 big-iq_centralized_management 7.1.0 Yes
References