Sign-up

ID

VAR-202210-1676


CVE

CVE-2022-41836


TITLE

F5 BIG-IP Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1393

DESCRIPTION

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate

Trust: 0.99

sources: NVD: CVE-2022-41836 // VULHUB: VHN-438122

AFFECTED PRODUCTS

vendor:f5model:big-ip application security managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:16.1.3.1

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:eqversion:17.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip advanced web application firewallscope:ltversion:15.1.7

Trust: 1.0

vendor:f5model:big-ip application security managerscope:eqversion:17.0.0

Trust: 1.0

sources: NVD: CVE-2022-41836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41836
value: HIGH

Trust: 1.0

f5sirt@f5.com: CVE-2022-41836
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-1393
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-41836
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202210-1393 // NVD: CVE-2022-41836 // NVD: CVE-2022-41836

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2022-41836

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1393

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1393

PATCH

title:F5 BIG-IP Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=211812

Trust: 0.6

sources: CNNVD: CNNVD-202210-1393

EXTERNAL IDS

db:NVDid:CVE-2022-41836

Trust: 1.7

db:AUSCERTid:ESB-2022.5231

Trust: 0.6

db:CNNVDid:CNNVD-202210-1393

Trust: 0.6

db:VULHUBid:VHN-438122

Trust: 0.1

sources: VULHUB: VHN-438122 // CNNVD: CNNVD-202210-1393 // NVD: CVE-2022-41836

REFERENCES

url:https://support.f5.com/csp/article/k47204506

Trust: 1.7

url:https://www.auscert.org.au/bulletins/esb-2022.5231

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-41836/

Trust: 0.6

url:https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-attack-signature-false-positive-mode-39643

Trust: 0.6

sources: VULHUB: VHN-438122 // CNNVD: CNNVD-202210-1393 // NVD: CVE-2022-41836

SOURCES

db:VULHUBid:VHN-438122
db:CNNVDid:CNNVD-202210-1393
db:NVDid:CVE-2022-41836

LAST UPDATE DATE

2024-08-14T14:43:40.203000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-438122date:2022-10-24T00:00:00
db:CNNVDid:CNNVD-202210-1393date:2022-10-25T00:00:00
db:NVDid:CVE-2022-41836date:2022-10-24T15:54:22.210

SOURCES RELEASE DATE

db:VULHUBid:VHN-438122date:2022-10-19T00:00:00
db:CNNVDid:CNNVD-202210-1393date:2022-10-19T00:00:00
db:NVDid:CVE-2022-41836date:2022-10-19T22:15:13.550