CVE-2022-34851 : In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published 2022-08-04 18:15:10

Updated 2022-08-10 18:09:52

Source F5 Networks

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2022-34851

F5 » Big-ip Local Traffic Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller » Version: 17.0.0
cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics » Version: 17.0.0
cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager » Version: 17.0.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-iq Centralized Management
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.2.0
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System » Version: 17.0.0
cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 15.1.0 and before (<) 15.1.6.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 13.1.0 and up to, including, (<=) 13.1.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 16.1.0 and before (<) 16.1.3.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 14.1.0 and before (<) 14.1.5.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service » Version: 17.0.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-34851

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-34851

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	2.8	1.4	F5 Networks
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-34851

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: f5sirt@f5.com (Primary)

References for CVE-2022-34851

https://support.f5.com/csp/article/K50310001

Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-34851

Products affected by CVE-2022-34851

Exploit prediction scoring system (EPSS) score for CVE-2022-34851

CVSS scores for CVE-2022-34851

CWE ids for CVE-2022-34851

References for CVE-2022-34851