Vulnerability Details : CVE-2022-26415


CVE Name: CVE-2022-26415: Bypass Something vulnerability on F5 Big Ip Access Policy Manager, F5 Big Ip Advanced Firewall Manager, F5 Big Ip Analytics, F5 Big Ip Domain Name System, F5 Big Ip Application Acceleration Manager, F5 Big Ip Fraud Protection Service, F5 Big Ip Global Traffic Manager, F5 Big Ip Link Controller, F5 Big Ip Local Traffic Manager, F5 Big Ip Application Security Manager, F5 Big Ip Policy Enforcement Manager
Description: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Publish date: 2022-05-05T17:15Z
Last Update: 2022-06-22T17:25Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH
Actack VectorNETWORK
Actack ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
ScopeCHANGED
Vulnerability Type(s)Bypass Something
CWE ID77

Detail of Verions Affected


# Product Type Vendor Product Version
1 Application F5 Big Ip Access Policy Manager *
2 Application F5 Big Ip Advanced Firewall Manager *
3 Application F5 Big Ip Analytics *
4 Application F5 Big Ip Domain Name System *
5 Application F5 Big Ip Application Acceleration Manager *
6 Application F5 Big Ip Fraud Protection Service *
7 Application F5 Big Ip Global Traffic Manager *
8 Application F5 Big Ip Link Controller *
9 Application F5 Big Ip Local Traffic Manager *
10 Application F5 Big Ip Access Policy Manager *
11 Application F5 Big Ip Access Policy Manager *
12 Application F5 Big Ip Access Policy Manager *
13 Application F5 Big Ip Access Policy Manager *
14 Application F5 Big Ip Advanced Firewall Manager *
15 Application F5 Big Ip Advanced Firewall Manager *
16 Application F5 Big Ip Advanced Firewall Manager *
17 Application F5 Big Ip Advanced Firewall Manager *
18 Application F5 Big Ip Analytics *
19 Application F5 Big Ip Analytics *
20 Application F5 Big Ip Analytics *
21 Application F5 Big Ip Analytics *
22 Application F5 Big Ip Application Security Manager *
23 Application F5 Big Ip Policy Enforcement Manager *
24 Application F5 Big Ip Application Acceleration Manager *
25 Application F5 Big Ip Application Acceleration Manager *
26 Application F5 Big Ip Application Acceleration Manager *
27 Application F5 Big Ip Application Acceleration Manager *
28 Application F5 Big Ip Application Security Manager *
29 Application F5 Big Ip Application Security Manager *
30 Application F5 Big Ip Application Security Manager *
31 Application F5 Big Ip Application Security Manager *
32 Application F5 Big Ip Domain Name System *
33 Application F5 Big Ip Domain Name System *
34 Application F5 Big Ip Domain Name System *
35 Application F5 Big Ip Domain Name System *
36 Application F5 Big Ip Fraud Protection Service *
37 Application F5 Big Ip Fraud Protection Service *
38 Application F5 Big Ip Fraud Protection Service *
39 Application F5 Big Ip Fraud Protection Service *
40 Application F5 Big Ip Global Traffic Manager *
41 Application F5 Big Ip Global Traffic Manager *
42 Application F5 Big Ip Global Traffic Manager *
43 Application F5 Big Ip Global Traffic Manager *
44 Application F5 Big Ip Link Controller *
45 Application F5 Big Ip Link Controller *
46 Application F5 Big Ip Link Controller *
47 Application F5 Big Ip Link Controller *
48 Application F5 Big Ip Local Traffic Manager *
49 Application F5 Big Ip Local Traffic Manager *
50 Application F5 Big Ip Local Traffic Manager *
51 Application F5 Big Ip Local Traffic Manager *
52 Application F5 Big Ip Policy Enforcement Manager *
53 Application F5 Big Ip Policy Enforcement Manager *
54 Application F5 Big Ip Policy Enforcement Manager *
55 Application F5 Big Ip Policy Enforcement Manager *

References For CVE-2022-26415


Hyperlink Resource
https://support.f5.com/csp/article/K81952114 Vendor Advisory