PT-2022-3552 · F5 · Big-Ip Advanced Waf/Asm

Published: 2022-01-25 · Updated: 2022-02-01 · CVE-2022-23026

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

BIG-IP ASM & Advanced WAF versions 12.1.x through 16.1.x before 16.1.2
BIG-IP ASM & Advanced WAF versions 13.1.x
BIG-IP ASM & Advanced WAF versions 14.1.x before 14.1.4.5
BIG-IP ASM & Advanced WAF versions 15.1.x before 15.1.4.1
Description

An authenticated user with low privileges can upload data through an undisclosed REST endpoint, causing an increase in disk resource utilization. This could potentially allow a remote attacker to execute arbitrary code.
Recommendations

For BIG-IP ASM & Advanced WAF versions 12.1.x, update to a version after 12.1.x or apply a configuration change to restrict access to the undisclosed REST endpoint.
For BIG-IP ASM & Advanced WAF versions 13.1.x, update to a version after 13.1.x or apply a configuration change to restrict access to the undisclosed REST endpoint.
For BIG-IP ASM & Advanced WAF versions 14.1.x before 14.1.4.5, update to version 14.1.4.5 or later.
For BIG-IP ASM & Advanced WAF versions 15.1.x before 15.1.4.1, update to version 15.1.4.1 or later.
For BIG-IP ASM & Advanced WAF versions 16.1.x before 16.1.2, update to version 16.1.2 or later.
As a temporary workaround, consider restricting access to the undisclosed REST endpoint until a patch is available.
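The following is an added example, not part of the advisory and not F5 code: a small Python check that maps a BIG-IP ASM / Advanced WAF version string onto the affected ranges and fixed releases stated above, so an inventory of devices can be triaged for CVE-2022-23026. The branch table and the fixed builds are taken from the advisory text; the version-string format (dot-separated integers such as "15.1.4.1") is an assumption.

```python
# Added example (not from the advisory): triage a BIG-IP ASM / Advanced WAF
# version against the affected ranges stated for CVE-2022-23026.
from typing import Dict, Optional, Tuple

# Branch (major, minor) -> first fixed build in that branch, or None when the
# advisory lists no fixed release (mitigation: restrict the REST endpoint).
AFFECTED_BRANCHES: Dict[Tuple[int, int], Optional[Tuple[int, ...]]] = {
    (12, 1): None,             # 12.1.x: no fixed version listed
    (13, 1): None,             # 13.1.x: no fixed version listed
    (14, 1): (14, 1, 4, 5),    # 14.1.x before 14.1.4.5
    (15, 1): (15, 1, 4, 1),    # 15.1.x before 15.1.4.1
    (16, 1): (16, 1, 2),       # 16.1.x before 16.1.2
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '15.1.4.1' into (15, 1, 4, 1); raise ValueError on anything else."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric BIG-IP version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version lies inside a range the advisory names as affected."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch not in AFFECTED_BRANCHES:
        return False  # branch not named on the page (e.g. 11.x, 17.x): no claim made
    fixed = AFFECTED_BRANCHES[branch]
    if fixed is None:
        return True   # the whole branch is listed as affected
    # Tuple comparison gives (14,1,4) < (14,1,4,5) < (14,1,5), i.e. "before 14.1.4.5".
    return v < fixed


def fixed_version(version: str) -> Optional[str]:
    """Upgrade target for an affected version, or None when the page lists no fix."""
    fixed = AFFECTED_BRANCHES.get(parse_version(version)[:2])
    return ".".join(str(n) for n in fixed) if fixed else None


if __name__ == "__main__":
    for ver in ("16.1.1", "16.1.2", "14.1.4", "13.1.3", "17.0.0"):
        print(ver, "affected" if is_affected(ver) else "not listed", fixed_version(ver))
```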

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

BDU:2022-04336
CVE-2022-23026

Affected Products

Big-Ip Advanced Waf/Asm