PT-2022-15781 · F5 · BIG-IP DNS & GTM

Published: 2022-01-25 · Updated: 2022-02-02 · CVE-2022-23013

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

BIG-IP DNS & GTM versions 11.6.x
BIG-IP DNS & GTM versions 12.1.x
BIG-IP DNS & GTM versions 13.1.x
BIG-IP DNS & GTM versions 14.1.x through 14.1.4.3
BIG-IP DNS & GTM versions 15.1.x through 15.1.3
BIG-IP DNS & GTM versions 16.x through 16.0.x

Description

A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility, allowing an attacker to execute JavaScript in the context of the currently logged-in user.

Recommendations

For versions 11.6.x, consider disabling access to the BIG-IP Configuration utility until a patch is available.
For versions 12.1.x, restrict access to the undisclosed page in the BIG-IP Configuration utility to minimize the risk of exploitation.
For versions 13.1.x, avoid using the BIG-IP Configuration utility for sensitive operations until the issue is resolved.
For versions 14.1.x through 14.1.4.3, update to version 14.1.4.4 or later.
For versions 15.1.x through 15.1.3, update to version 15.1.4 or later.
For versions 16.x through 16.0.x, update to version 16.1.0 or later.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-23013

Affected Products

BIG-IP DNS & GTM