PT-2022-15776 · F5 · Big-Iq Centralized Management+1

Published

2022-01-25

Updated

2022-02-01

CVE-2022-23009

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions BIG-IQ Centralized Management versions 8.0.0 through 8.0.x

Description An authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system.

Recommendations For BIG-IQ Centralized Management versions 8.0.0 through 8.0.x, update to version 8.1.0 or later to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2022-23009

Affected Products

Big-Ip

Big-Iq Centralized Management

PT-2022-15776 · F5 · Big-Iq Centralized Management+1

CVE-2022-23009

Weakness Enumeration

Related Identifiers

Affected Products

References · 5