First published: Wed Oct 19 2022
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 Big-ip Advanced Web Application Firewall | >=13.1.0<13.1.5.1 | |
F5 Big-ip Advanced Web Application Firewall | >=14.1.0<14.1.5.1 | |
F5 Big-ip Advanced Web Application Firewall | >=15.1.0<15.1.6.1 | |
F5 Big-ip Advanced Web Application Firewall | >=16.1.0<16.1.3.1 | |
F5 BIG-IP Application Security Manager | >=13.1.0<13.1.5.1 | |
F5 BIG-IP Application Security Manager | >=14.1.0<14.1.5.1 | |
F5 BIG-IP Application Security Manager | >=15.1.0<15.1.6.1 | |
F5 BIG-IP Application Security Manager | >=16.1.0<16.1.3.1 | |
CVE-2022-41617 is a remote code execution vulnerability in the BIG-IP iControl REST interface.
Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1 of F5 Big-ip Advanced Web Application Firewall and F5 BIG-IP Application Security Manager are affected by CVE-2022-41617.
CVE-2022-41617 has a severity value of 7.2, which is considered high.
To fix CVE-2022-41617, update your F5 Big-ip Advanced Web Application Firewall or F5 BIG-IP Application Security Manager to version 16.1.3.1, 15.1.6.1, 14.1.5.1, or 13.1.5.1.
More information about CVE-2022-41617 can be found at the following link: [link](https://support.f5.com/csp/article/K11830089)