F5 Products Multiple Vulnerabilities
Release Date:
20 Jan 2022
3676
Views
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in F5 Products . A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, cross-site scripting and security restriction bypass on the targeted system.
Impact
- Cross-Site Scripting
- Denial of Service
- Security Restriction Bypass
- Spoofing
System / Technologies affected
NGINX Controller API Management
- Version 3.18.0 - 3.19.0
BIG-IQ Centralized Management
- Version 8.0.0 - 8.1.0
- Version 7.0.0 - 7.1.0
BIG-IP (all modules)
- Version 16.0.0 - 16.1.2
- Version 15.1.0 - 15.1.4
- Version 14.1.0 - 14.1.4
- Version 13.1.0 - 13.1.4
- Version 12.1.0 - 12.1.6
- Version 11.6.1 - 11.6.5.2
BIG-IP (DNS, GTM)
- Version 15.1.0 - 15.1.3
- Version 14.1.0 - 14.1.4
- Version 13.1.0 - 13.1.4
- Version 12.1.0 - 12.1.6
- Version 11.6.1 - 11.6.5
BIG-IP (AFM)
- Version 16.1.0 - 16.1.1
- Version 15.1.0 - 15.1.4
- Version 14.1.0 - 14.1.4
- Version 13.1.0 - 13.1.4
- Version 12.1.5.2 - 12.1.6
BIG-IP (Advanced WAF, ASM, FPS)
- Version 16.0.0 - 16.1.1
- Version 15.1.0 - 15.1.4
- Version 14.1.0 - 14.1.4
- Version 13.1.0 - 13.1.4
- Version 12.1.0 - 12.1.6
BIG-IP (APM)
- Version 16.0.0 - 16.1.2
- Version 15.1.0 - 15.1.5
- Version 14.1.0 - 14.1.4
- Version 13.1.0 - 13.1.4
- Version 12.1.0 - 12.1.6
- Version 11.6.1 - 11.6.5
BIG-IP APM Clients
- Version 7.2.1 - 7.2.1.3
- Version 7.1.6 - 7.1.9
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://support.f5.com/csp/article/K57735782
- https://support.f5.com/csp/article/K47592780
- https://support.f5.com/csp/article/K34360320
- https://support.f5.com/csp/article/K68755210
- https://support.f5.com/csp/article/K26310765
- https://support.f5.com/csp/article/K29500533
- https://support.f5.com/csp/article/K93526903
- https://support.f5.com/csp/article/K08476614
- https://support.f5.com/csp/article/K91013510
- https://support.f5.com/csp/article/K28042514
- https://support.f5.com/csp/article/K24358905
- https://support.f5.com/csp/article/K82793463
- https://support.f5.com/csp/article/K17514331
- https://support.f5.com/csp/article/K57111075
- https://support.f5.com/csp/article/K96924184
- https://support.f5.com/csp/article/K11742742
- https://support.f5.com/csp/article/K54892865
- https://support.f5.com/csp/article/K44110411
- https://support.f5.com/csp/article/K08402414
- https://support.f5.com/csp/article/K30573026
- https://support.f5.com/csp/article/K16101409
- https://support.f5.com/csp/article/K50343028
- https://support.f5.com/csp/article/K53442005
- https://support.f5.com/csp/article/K61112120
- https://support.f5.com/csp/article/K30525503
Vulnerability Identifier
- CVE-2022-23008
- CVE-2022-23009
- CVE-2022-23010
- CVE-2022-23011
- CVE-2022-23012
- CVE-2022-23013
- CVE-2022-23014
- CVE-2022-23015
- CVE-2022-23016
- CVE-2022-23017
- CVE-2022-23018
- CVE-2022-23019
- CVE-2022-23020
- CVE-2022-23021
- CVE-2022-23022
- CVE-2022-23023
- CVE-2022-23024
- CVE-2022-23025
- CVE-2022-23026
- CVE-2022-23027
- CVE-2022-23028
- CVE-2022-23029
- CVE-2022-23030
- CVE-2022-23031
Source
Related Link
Share with