CVE-2022-41813 — Vulnetix

CVE-2022-41813 PUBLISHED CVSS 6.5 MEDIUM

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

EPSS 0.69% · 72.1th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.69%

72.1th percentile

Affected Products

Vendor	Product	Versions
f5	big-ip_policy_enforcement_manager	16.1.0, 13.1.0, 15.1.0
F5	BIG-IP AFM & PEM	13.1.0, 17.0.0, 16.1.x
f5	big-ip_advanced_firewall_manager	16.1.0, 15.1.0, 14.1.0

Timeline

Oct 19, 2022 CVE Published
Oct 22, 2022 EPSS Score
Dec 5, 2022 EPSS Score
Jan 17, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 14, 2023 EPSS Score
May 28, 2023 EPSS Score
Jul 11, 2023 EPSS Score
Oct 6, 2023 EPSS Score
Nov 18, 2023 EPSS Score
Jan 1, 2024 EPSS Score

References

https://support.f5.com/csp/article/K76934290 advisory
https://support.f5.com/csp/article/K93723284 url
https://nvd.nist.gov/vuln/detail/CVE-2022-41813 advisory

Open in Interactive Console →