Published: 05/05/2022 Updated: 16/05/2022

CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2

VMScore: 436

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions before 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 big-ip access policy manager 13.1.0
f5 big-ip application security manager 13.1.0
f5 big-ip access policy manager 14.1.0
f5 big-ip application security manager 14.1.0
f5 big-ip application security manager 15.1.0
f5 big-ip access policy manager 15.1.0
f5 big-ip advanced web application firewall 15.1.0
f5 big-ip access policy manager 14.1.4
f5 big-ip advanced web application firewall 14.1.4
f5 big-ip application security manager 14.1.4
f5 big-ip access policy manager 13.1.1
f5 big-ip access policy manager 13.1.3
f5 big-ip access policy manager 13.1.4
f5 big-ip access policy manager 13.1.5
f5 big-ip access policy manager 14.1.2
f5 big-ip access policy manager 14.1.3
f5 big-ip access policy manager 15.1.1
f5 big-ip access policy manager 15.1.2
f5 big-ip access policy manager 15.1.3
f5 big-ip access policy manager 15.1.4
f5 big-ip access policy manager 15.1.5
f5 big-ip access policy manager 16.1.0
f5 big-ip access policy manager 16.1.1
f5 big-ip access policy manager 16.1.2
f5 big-ip application security manager 15.1.4
f5 big-ip application security manager 15.1.5
f5 big-ip application security manager 16.1.0
f5 big-ip application security manager 16.1.1
f5 big-ip application security manager 16.1.2
f5 big-ip advanced web application firewall 16.1.0
f5 big-ip application security manager 13.1.1
f5 big-ip application security manager 13.1.3
f5 big-ip application security manager 13.1.4
f5 big-ip application security manager 13.1.5
f5 big-ip application security manager 14.1.2
f5 big-ip application security manager 14.1.3
f5 big-ip application security manager 15.1.1
f5 big-ip application security manager 15.1.2
f5 big-ip application security manager 15.1.3
f5 big-ip advanced web application firewall 13.1.0
f5 big-ip advanced web application firewall 13.1.1
f5 big-ip advanced web application firewall 13.1.3
f5 big-ip advanced web application firewall 13.1.4
f5 big-ip advanced web application firewall 13.1.5
f5 big-ip advanced web application firewall 14.1.0
f5 big-ip advanced web application firewall 14.1.2
f5 big-ip advanced web application firewall 14.1.3
f5 big-ip advanced web application firewall 15.1.1
f5 big-ip advanced web application firewall 15.1.2
f5 big-ip advanced web application firewall 15.1.3
f5 big-ip advanced web application firewall 15.1.4
f5 big-ip advanced web application firewall 15.1.5
f5 big-ip advanced web application firewall 16.1.1
f5 big-ip advanced web application firewall 16.1.2
f5 big-ip guided configuration

CWE-354 https://support.f5.com/csp/article/K52322100 https://nvd.nist.gov

CVE-2022-25946

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect