What is the severity of CVE-2022-33947?

CVE-2022-33947 has a severity rating that indicates it poses a significant risk to affected systems.

Who is affected by CVE-2022-33947?

CVE-2022-33947 affects specific versions of the F5 BIG-IP Domain Name System software, particularly 13.1.x, 14.1.x, 15.1.x, and 16.1.x prior to their respective fixed versions.

How do I fix CVE-2022-33947?

To remediate CVE-2022-33947, update your F5 BIG-IP software to the latest version released after the vulnerability was disclosed.

What types of attacks are possible via CVE-2022-33947?

CVE-2022-33947 allows authenticated attackers with at least operator roles to exploit vulnerabilities in the BIG-IP DNS Traffic Management User Interface.

Is authentication required to exploit CVE-2022-33947?

Yes, an attacker must be authenticated and possess at least an operator role to exploit CVE-2022-33947.

Vulnerability/
CVE-2022-33947

medium

6.5

CWE

502

3/8/2022

3/8/2024

CVE-2022-33947: BIG-IP DNS TMUI Vulnerability CVE-2022-33947

First published: Wed Aug 03 2022(Updated: )

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP	>=13.1.0<=13.1.5
F5 BIG-IP	>=14.1.0<14.1.5
F5 BIG-IP	>=15.1.0<15.1.6.1
F5 BIG-IP	>=16.1.0<16.1.3

Never miss a vulnerability like this again

Reference Links

https://support.f5.com/csp/article/K38893457

Frequently Asked Questions

What is the severity of CVE-2022-33947?
CVE-2022-33947 has a severity rating that indicates it poses a significant risk to affected systems.
Who is affected by CVE-2022-33947?
CVE-2022-33947 affects specific versions of the F5 BIG-IP Domain Name System software, particularly 13.1.x, 14.1.x, 15.1.x, and 16.1.x prior to their respective fixed versions.
How do I fix CVE-2022-33947?
To remediate CVE-2022-33947, update your F5 BIG-IP software to the latest version released after the vulnerability was disclosed.
What types of attacks are possible via CVE-2022-33947?
CVE-2022-33947 allows authenticated attackers with at least operator roles to exploit vulnerabilities in the BIG-IP DNS Traffic Management User Interface.
Is authentication required to exploit CVE-2022-33947?
Yes, an attacker must be authenticated and possess at least an operator role to exploit CVE-2022-33947.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/description
agent/title
agent/weakness
agent/event
agent/first-publish-date
agent/severity
agent/references
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip
version/f5 big-ip/13.1.0
version/f5 big-ip/13.1.5
version/f5 big-ip/14.1.0
version/f5 big-ip/15.1.0
version/f5 big-ip/16.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.