1. Home
  2. CVE Database
  3. CVE-2022-1468
MEDIUM · 4.3

CVE-2022-1468

On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iCont...

Vulnerability Description

On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
F5Big-Ip Access Policy Manager11.6.1
F5Big-Ip Advanced Firewall Manager11.6.1
F5Big-Ip Analytics11.6.1
F5Big-Ip Application Acceleration Manager11.6.1
F5Big-Ip Application Security Manager11.6.1
F5Big-Ip Domain Name System11.6.1
F5Big-Ip Fraud Protection Service11.6.1
F5Big-Ip Global Traffic Manager11.6.1
F5Big-Ip Link Controller11.6.1
F5Big-Ip Local Traffic Manager11.6.1
F5Big-Ip Policy Enforcement Manager11.6.1

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2022-1468?

CVE-2022-1468 is a vulnerability with a CVSS score of 4.3 (MEDIUM). On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iCont...

How severe is CVE-2022-1468?

CVE-2022-1468 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1468?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.