ID
VAR-202210-1428
CVE
CVE-2022-41813
TITLE
F5 BIG-IP Input validation error vulnerability
Trust: 0.6
DESCRIPTION
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. The following versions are affected: 16.1.x versions prior to 16.1.3.1, 15.1.x versions prior to 15.1.6.1, 14.1.x versions prior to 14.1.5, all versions prior to 13.1.x
Trust: 0.99
AFFECTED PRODUCTS
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lt | version: | 15.1.6.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 15.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | lt | version: | 15.1.6.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | gte | version: | 16.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | gte | version: | 14.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lte | version: | 13.1.5 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | lt | version: | 16.1.3.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | gte | version: | 13.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | lt | version: | 14.1.5 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lt | version: | 16.1.3.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lt | version: | 14.1.5 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 16.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | lte | version: | 13.1.5 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 14.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip advanced firewall manager | scope: | gte | version: | 15.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 13.1.0 | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.1 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
PATCH
| title: | F5 BIG-IP Enter the fix for the verification error vulnerability | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=211818 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-41813 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-202210-1425 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-429561 | Trust: 0.1 |
REFERENCES
| url: | https://support.f5.com/csp/article/k93723284 | Trust: 1.7 |
| url: | https://cxsecurity.com/cveshow/cve-2022-41813/ | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-traffic-management-microkernel-39639 | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-429561 |
| db: | CNNVD | id: | CNNVD-202210-1425 |
| db: | NVD | id: | CVE-2022-41813 |
LAST UPDATE DATE
2024-08-14T14:37:12.369000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-429561 | date: | 2022-10-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-202210-1425 | date: | 2022-10-25T00:00:00 |
| db: | NVD | id: | CVE-2022-41813 | date: | 2022-10-24T14:06:35.050 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-429561 | date: | 2022-10-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-202210-1425 | date: | 2022-10-19T00:00:00 |
| db: | NVD | id: | CVE-2022-41813 | date: | 2022-10-19T22:15:13.270 |