CVE-2022-33962

MEDIUM

BIG-IP <17.0.0.1, 16.1.x <16.1.3.1, 15.1.x <15.1.6.1, 14.1.x <14.1....

Title source: llm
STIX 2.1

Description

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K80970653

Scores

CVSS v3 6.7
EPSS 0.0007
EPSS Percentile 20.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (22)
f5/big-ip_access_policy_manager 17.0.0
f5/big-ip_access_policy_manager 13.1.0 - 13.1.5
f5/big-ip_advanced_firewall_manager 17.0.0
f5/big-ip_advanced_firewall_manager 13.1.0 - 13.1.5
f5/big-ip_analytics 17.0.0
f5/big-ip_analytics 13.1.0 - 13.1.5
f5/big-ip_application_acceleration_manager 17.0.0
f5/big-ip_application_acceleration_manager 13.1.0 - 13.1.5
f5/big-ip_application_security_manager 17.0.0
f5/big-ip_application_security_manager 13.1.0 - 13.1.5
... and 12 more
Published Aug 04, 2022
Tracked Since Feb 18, 2026