Details of VAR-202205-0272

ID

VAR-202205-0272

CVE

CVE-2022-26835

TITLE

F5 BIG-IP Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-2085

DESCRIPTION

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform of F5 that integrates functions such as network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIG-IP has a path traversal vulnerability, which can be exploited by attackers to read arbitrary files

Trust: 1.08

sources: NVD: CVE-2022-26835 // VULHUB: VHN-419854 // VULMON: CVE-2022-26835

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.6	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	15.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	15.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	16.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	15.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	16.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.3	Trust: 1.0

sources: NVD: CVE-2022-26835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26835
value:	MEDIUM
Trust: 1.0
f5sirt@f5.com:	CVE-2022-26835
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202205-2085
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-419854
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-26835
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26835
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-419854
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26835
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-419854 // VULMON: CVE-2022-26835 // CNNVD: CNNVD-202205-2085 // NVD: CVE-2022-26835 // NVD: CVE-2022-26835

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.1

sources: VULHUB: VHN-419854 // NVD: CVE-2022-26835

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2085

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202205-2085

PATCH

title:

F5 BIG-IP Repair measures for path traversal vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192643

Trust: 0.6

sources: CNNVD: CNNVD-202205-2085

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26835	Trust: 1.8
db:	CS-HELP	id:	SB2022050520	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2140	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2085	Trust: 0.6
db:	CNVD	id:	CNVD-2022-74963	Trust: 0.1
db:	VULHUB	id:	VHN-419854	Trust: 0.1
db:	VULMON	id:	CVE-2022-26835	Trust: 0.1

sources: VULHUB: VHN-419854 // VULMON: CVE-2022-26835 // CNNVD: CNNVD-202205-2085 // NVD: CVE-2022-26835

REFERENCES

url:	https://support.f5.com/csp/article/k53197140	Trust: 1.8
url:	https://cxsecurity.com/cveshow/cve-2022-26835/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2140	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050520	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38241	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-419854 // VULMON: CVE-2022-26835 // CNNVD: CNNVD-202205-2085 // NVD: CVE-2022-26835

SOURCES

db:	VULHUB	id:	VHN-419854
db:	VULMON	id:	CVE-2022-26835
db:	CNNVD	id:	CNNVD-202205-2085
db:	NVD	id:	CVE-2022-26835

LAST UPDATE DATE

2024-11-23T21:50:32.035000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419854	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2022-26835	date:	2022-05-12T00:00:00
db:	CNNVD	id:	CNNVD-202205-2085	date:	2022-05-13T00:00:00
db:	NVD	id:	CVE-2022-26835	date:	2024-11-21T06:54:36.710

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419854	date:	2022-05-05T00:00:00
db:	VULMON	id:	CVE-2022-26835	date:	2022-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202205-2085	date:	2022-05-04T00:00:00
db:	NVD	id:	CVE-2022-26835	date:	2022-05-05T17:15:12.297