
CVE-2022-27806

CVE-2022-27806 PUBLISHED CVSS 8.7 HIGH

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

EPSS 0.47% · 65.0th percentile

Risk Scores

CVSS 3.1: 8.7
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS Score: 0.47% (65.0th percentile)

Affected Products

Vendor | Product | Versions
F5 | BIG-IP Guided Configuration (GC) | All
f5 | big-ip_advanced_web_application_firewall | 14.1.2, 15.1.2, 13.1.3
f5 | big-ip_access_policy_manager | 15.1.5, 13.1.0, 13.1.1
f5 | big-ip_guided_configuration | 0
f5 | big-ip_application_security_manager | 13.1.1, 14.1.2, 14.1.0
F5 | BIG-IP (Advanced WAF, APM, ASM) | 16.1.x, 15.1.x, 13.1.x

Exploit Intelligence

Timeline

  • May 5, 2022 CVE Published
  • May 6, 2022 EPSS Score
  • May 14, 2022 EPSS Score
  • Jun 24, 2022 EPSS Score
  • Aug 14, 2022 EPSS Score
  • Nov 21, 2022 EPSS Score
  • Jan 9, 2023 EPSS Score
  • Feb 28, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 18, 2023 EPSS Score
  • Jun 7, 2023 EPSS Score
  • Jul 26, 2023 EPSS Score