V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2022-34655
CVE
High

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload com…

CVSS
7.5
High
EPSS
0.01
p46
Published
2022-01-01
Updated
2022-01-01
Description

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Tags · CWE
Pre-auth
CWE-457
Affected products
Big-ip_access_policy_manager 14.1.0–14.1.5Big-ip_access_policy_manager 15.1.0–15.1.6.1Big-ip_access_policy_manager 16.0.0–16.0.1.1Big-ip_advanced_firewall_manager 14.1.0–14.1.5Big-ip_advanced_firewall_manager 15.1.0–15.1.6.1Big-ip_advanced_firewall_manager 16.0.0–16.0.1.1Big-ip_analytics 14.1.0–14.1.5Big-ip_analytics 15.1.0–15.1.6.1Big-ip_analytics 16.0.0–16.0.1.1Big-ip_application_acceleration_manager 14.1.0–14.1.5Big-ip_application_acceleration_manager 15.1.0–15.1.6.1Big-ip_application_acceleration_manager 16.0.0–16.0.1.1Big-ip_application_security_manager 14.1.0–14.1.5Big-ip_application_security_manager 15.1.0–15.1.6.1Big-ip_application_security_manager 16.0.0–16.0.1.1Big-ip_domain_name_system 14.1.0–14.1.5Big-ip_domain_name_system 15.1.0–15.1.6.1Big-ip_domain_name_system 16.0.0–16.0.1.1Big-ip_fraud_protection_service 14.1.0–14.1.5Big-ip_fraud_protection_service 15.1.0–15.1.6.1Big-ip_fraud_protection_service 16.0.0–16.0.1.1Big-ip_global_traffic_manager 14.1.0–14.1.5Big-ip_global_traffic_manager 15.1.0–15.1.6.1Big-ip_global_traffic_manager 16.0.0–16.0.1.1Big-ip_link_controller 14.1.0–14.1.5Big-ip_link_controller 15.1.0–15.1.6.1Big-ip_link_controller 16.0.0–16.0.1.1Big-ip_local_traffic_manager 14.1.0–14.1.5Big-ip_local_traffic_manager 15.1.0–15.1.6.1Big-ip_local_traffic_manager 16.0.0–16.0.1.1Big-ip_policy_enforcement_manager 14.1.0–14.1.5Big-ip_policy_enforcement_manager 15.1.0–15.1.6.1Big-ip_policy_enforcement_manager 16.0.0–16.0.1.1
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.007 · p46
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
F5
Big-ip Access Policy ManagerBig-ip Application Security ManagerBig-ip Advanced Firewall ManagerBig-ip Local Traffic ManagerBig-ip Policy Enforcement ManagerBig-ip Link ControllerBig-ip Application Acceleration ManagerBig-ip AnalyticsBig-ip Global Traffic ManagerBig-ip Domain Name System+1
ProductVendorStatus
big-ip_access_policy_manager*Tracked
big-ip_advanced_firewall_manager*Tracked
big-ip_analytics*Tracked
big-ip_application_acceleration_manager*Tracked
big-ip_application_security_manager*Tracked
big-ip_domain_name_system*Tracked
big-ip_fraud_protection_service*Tracked
big-ip_global_traffic_manager*Tracked
big-ip_link_controller*Tracked
big-ip_local_traffic_manager*Tracked
big-ip_policy_enforcement_manager*Tracked
Source databases
CVE