CVE-2022-35735
HIGHBIG-IP <16.1.3.1, 15.1.x <15.1.6.1, 14.1.x <14.1.5.1, 13.1.x - Priv...
Title source: llmDescription
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K13213418
Scores
CVSS v3
7.2
EPSS
0.0163
EPSS Percentile
82.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (11)
f5/big-ip_access_policy_manager
13.1.0 - 13.1.5
f5/big-ip_advanced_firewall_manager
13.1.0 - 13.1.5
f5/big-ip_analytics
13.1.0 - 13.1.5
f5/big-ip_application_acceleration_manager
13.1.0 - 13.1.5
f5/big-ip_application_security_manager
13.1.0 - 13.1.5
f5/big-ip_domain_name_system
13.1.0 - 13.1.5
f5/big-ip_fraud_protection_service
13.1.0 - 13.1.5
f5/big-ip_global_traffic_manager
13.1.0 - 13.1.5
f5/big-ip_link_controller
13.1.0 - 13.1.5
f5/big-ip_local_traffic_manager
13.1.0 - 13.1.5
... and 1 more
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026