PT-2022-26030 · F5 · F5 Big-Ip+1
Published
2022-10-19
·
Updated
2022-10-23
·
CVE-2022-41694
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 13.1.x through 16.1.2
F5 BIG-IP versions 14.1.x through 14.1.4
F5 BIG-IP versions 15.1.x through 15.1.6
F5 BIG-IQ versions 7.x through 8.1.0
Description
When an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.
Recommendations
For F5 BIG-IP versions 13.1.x, update to a version after 13.1.x to resolve the issue.
For F5 BIG-IP versions 14.1.x through 14.1.4, update to version 14.1.5 or later.
For F5 BIG-IP versions 15.1.x through 15.1.6, update to version 15.1.6.1 or later.
For F5 BIG-IP versions 16.1.x through 16.1.2, update to version 16.1.3 or later.
For F5 BIG-IQ versions 7.x, update to a version after 7.x.
For F5 BIG-IQ versions 8.x through 8.1.0, update to version 8.2.0.1 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip
F5 Big-Iq