ID

VAR-202208-0364


CVE

CVE-2022-33947


TITLE

Untrusted Data Deserialization Vulnerability in BIG-IP

Trust: 0.8

sources: JVNDB: JVNDB-2022-016748

DESCRIPTION

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP contains a vulnerability in the deserialization of untrusted data. The affected system may be put into a service operation interruption (DoS) state.

Trust: 1.8

sources: NVD: CVE-2022-33947 // JVNDB: JVNDB-2022-016748 // VULHUB: VHN-431016 // VULMON: CVE-2022-33947

AFFECTED PRODUCTS

vendor: f5, model: big-ip domain name system, scope: lt, version: 15.1.6.1

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lte, version: 13.1.5

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lt, version: 16.1.3

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 16.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 15.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lt, version: 14.1.5

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: eq, version: -

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: lt, version: 16.1.x

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: lt, version: 14.1.x

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: eq, version: 14.1.5

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: lt, version: 15.1.x

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: eq, version: 13.1.x

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: eq, version: 15.1.6.1

Trust: 0.8

vendor: f5, model: big-ip domain name system, scope: eq, version: 16.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2022-016748 // NVD: CVE-2022-33947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33947
value: MEDIUM

Trust: 1.0

f5sirt@f5.com: CVE-2022-33947
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-33947
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-2069
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-33947
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

f5sirt@f5.com: CVE-2022-33947
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-33947
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016748 // CNNVD: CNNVD-202208-2069 // NVD: CVE-2022-33947 // NVD: CVE-2022-33947

PROBLEMTYPE DATA

problemtype: CWE-502

Trust: 1.1

problemtype: Deserialization of untrusted data (CWE-502) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-431016 // JVNDB: JVNDB-2022-016748 // NVD: CVE-2022-33947

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2069

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202208-2069

PATCH

title: K38893457, url: https://support.f5.com/csp/article/K38893457

Trust: 0.8

sources: JVNDB: JVNDB-2022-016748

EXTERNAL IDS

db: NVD, id: CVE-2022-33947

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016748

Trust: 0.8

db: CNNVD, id: CNNVD-202208-2069

Trust: 0.6

db: VULHUB, id: VHN-431016

Trust: 0.1

db: VULMON, id: CVE-2022-33947

Trust: 0.1

sources: VULHUB: VHN-431016 // VULMON: CVE-2022-33947 // JVNDB: JVNDB-2022-016748 // CNNVD: CNNVD-202208-2069 // NVD: CVE-2022-33947

REFERENCES

url:https://support.f5.com/csp/article/k38893457

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-33947

Trust: 0.8

url:https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38983

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-33947/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-431016 // VULMON: CVE-2022-33947 // JVNDB: JVNDB-2022-016748 // CNNVD: CNNVD-202208-2069 // NVD: CVE-2022-33947

SOURCES

db: VULHUB, id: VHN-431016
db: VULMON, id: CVE-2022-33947
db: JVNDB, id: JVNDB-2022-016748
db: CNNVD, id: CNNVD-202208-2069
db: NVD, id: CVE-2022-33947

LAST UPDATE DATE

2024-08-14T15:21:40.492000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-431016, date: 2022-08-10T00:00:00
db: VULMON, id: CVE-2022-33947, date: 2022-08-04T00:00:00
db: JVNDB, id: JVNDB-2022-016748, date: 2023-10-06T05:20:00
db: CNNVD, id: CNNVD-202208-2069, date: 2022-08-11T00:00:00
db: NVD, id: CVE-2022-33947, date: 2022-08-10T23:41:17.590

SOURCES RELEASE DATE

db: VULHUB, id: VHN-431016, date: 2022-08-04T00:00:00
db: VULMON, id: CVE-2022-33947, date: 2022-08-04T00:00:00
db: JVNDB, id: JVNDB-2022-016748, date: 2023-10-06T00:00:00
db: CNNVD, id: CNNVD-202208-2069, date: 2022-08-03T00:00:00
db: NVD, id: CVE-2022-33947, date: 2022-08-04T18:15:09.850