VDB
CVE-2022-26415
CVE-2022-26415
PUBLISHED
CVSS 7.699999809265137 HIGH
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
EPSS 0.52% · 67.2th percentile
Risk Scores
CVSS v3.1
7.699999809265137
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS Score
0.52%
67.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | big-ip_application_security_manager | 13.1.0, 14.1.0, 15.1.0 |
| f5 | big-ip_global_traffic_manager | 12.1.0, 15.1.0, 16.1.0 |
| f5 | big-ip_local_traffic_manager | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_access_policy_manager | 16.1.0, 12.1.0, 15.1.0 |
| f5 | big-ip_analytics | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_policy_enforcement_manager | 16.1.0, 14.1.0, 15.1.0 |
| f5 | big-ip_link_controller | 13.1.0, 12.1.0, 16.1.0 |
| F5 | BIG-IP | 16.1.x, 17.0.0, 13.1.x |
| f5 | big-ip_domain_name_system | 14.1.0, 16.1.0, 15.1.0 |
| f5 | big-ip_advanced_firewall_manager | 16.1.0, 12.1.0, 13.1.0 |
| f5 | big-ip_fraud_protection_service | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_application_acceleration_manager | 12.1.0, 16.1.0, 15.1.0 |
Timeline
- May 5, 2022 CVE Published
- May 6, 2022 EPSS Score
- Jun 24, 2022 EPSS Score
- Aug 14, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Nov 21, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Feb 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- Jun 6, 2023 EPSS Score
- Jul 25, 2023 EPSS Score
References
- https://support.f5.com/csp/article/K54082580 advisory
- https://support.f5.com/csp/article/K41440465 advisory
- https://support.f5.com/csp/article/K21317311 advisory
- https://support.f5.com/csp/article/K31856317 advisory
- https://support.f5.com/csp/article/K14229426 advisory
- https://support.f5.com/csp/article/K23454411 advisory
- https://support.f5.com/csp/article/K71103363 advisory
- https://support.f5.com/csp/article/K06323049 advisory
- https://support.f5.com/csp/article/K49905324 advisory
- https://support.f5.com/csp/article/K39002226 advisory
- https://support.f5.com/csp/article/K93543114 advisory
- https://support.f5.com/csp/article/K25451853 advisory
- https://support.f5.com/csp/article/K24248011 advisory
- https://support.f5.com/csp/article/K54460845 advisory
- https://support.f5.com/csp/article/K51539421 advisory
- https://support.f5.com/csp/article/K92306170 advisory
- https://support.f5.com/csp/article/K37155600 advisory
- https://support.f5.com/csp/article/K64124988 advisory
- https://support.f5.com/csp/article/K17341495 advisory
- https://support.f5.com/csp/article/K38271531 advisory
…and 25 more