CVE-2022-26340

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 16.1.2.2 F5 BIG-IP versions prior to 15.1.5.1 F5 BIG-IP versions prior to 14.1.4.6 F5 BIG-IP versions prior to 13.1.5 F5 BIG-IP versions 12.1.x and 11.6.x F5 BIG-IQ Centralized Management versions 8.x and 7.x

Description An authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system.

Recommendations For F5 BIG-IP versions prior to 16.1.2.2, update to version 16.1.2.2 or later. For F5 BIG-IP versions prior to 15.1.5.1, update to version 15.1.5.1 or later. For F5 BIG-IP versions prior to 14.1.4.6, update to version 14.1.4.6 or later. For F5 BIG-IP versions prior to 13.1.5, update to version 13.1.5 or later. For F5 BIG-IP versions 12.1.x and 11.6.x, consider disabling the Secure Copy (SCP) protocol until a patch is available, as these versions have reached End of Technical Support (EoTS). For F5 BIG-IQ Centralized Management versions 8.x and 7.x, consider restricting access to the Secure Copy (SCP) protocol until a patch is available.