CVE-2022-41983
LOWF5 Big-ip Access Policy Manager < 13.1.5 - Cleartext Transmission
Title source: ruleDescription
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory
https://support.f5.com/csp/article/K31523465
Scores
CVSS v3
3.7
EPSS
0.0013
EPSS Percentile
31.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (19)
f5/big-ip_access_policy_manager
13.1.0 - 13.1.5
f5/big-ip_advanced_firewall_manager
13.1.0 - 13.1.5
f5/big-ip_advanced_web_application_firewall
13.1.0 - 13.1.5
f5/big-ip_analytics
13.1.0 - 13.1.5
f5/big-ip_application_acceleration_manager
13.1.0 - 13.1.5
f5/big-ip_application_security_manager
13.1.0 - 13.1.5
f5/big-ip_application_visibility_and_reporting
13.1.0 - 13.1.5
f5/big-ip_carrier-grade_nat
13.1.0 - 13.1.5
f5/big-ip_ddos_hybrid_defender
13.1.0 - 13.1.5
f5/big-ip_domain_name_system
13.1.0 - 13.1.5
... and 9 more
Published
Oct 19, 2022
Tracked Since
Feb 18, 2026