CVE-2022-28695 HIGH

CVE-2022-28695

Vendor F5

Product BIG-IP AFM

Weakness CWE-20 · Input validation

Published May 5, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Key dates

02Disclosure timeline

May 5, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-28695 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2022-28695

CWE CWE-20

CVSS 7.2 / HIGH

Affected versions

Vendor F5

Product BIG-IP AFM

Affected ≥ 16.1.x and < 16.1.2.2

Vendor F5

Product BIG-IP AFM

Affected ≥ 15.1.x and < 15.1.5.1

Vendor F5

Product BIG-IP AFM

Affected ≥ 14.1.x and < 14.1.4.6

Vendor F5

Product BIG-IP AFM

Affected ≥ 13.1.x and < 13.1.5

CVE-2022-28695

01Description

02Disclosure timeline

03References

04Related CVE