PT-2022-22395 · F5 · Big-Iq Centralized Management+1
Published
2022-08-04
·
Updated
2022-08-10
·
CVE-2022-34851
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
BIG-IP versions 13.1.x
BIG-IP versions 14.1.x before 14.1.5.1
BIG-IP versions 15.1.x before 15.1.6.1
BIG-IP versions 16.1.x before 16.1.3.1
BIG-IP versions 17.0.x before 17.0.0.1
BIG-IQ Centralized Management versions 8.x
Description
An authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests.
Recommendations
For BIG-IP versions 13.1.x, consider disabling the iControl SOAP service until a patch is available.
For BIG-IP versions 14.1.x before 14.1.5.1, update to version 14.1.5.1 or later.
For BIG-IP versions 15.1.x before 15.1.6.1, update to version 15.1.6.1 or later.
For BIG-IP versions 16.1.x before 16.1.3.1, update to version 16.1.3.1 or later.
For BIG-IP versions 17.0.x before 17.0.0.1, update to version 17.0.0.1 or later.
For BIG-IQ Centralized Management versions 8.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip
Big-Iq Centralized Management