CVE-2022-26340 — MEDIUM (4.9)

Q: How severe is CVE-2022-26340?

CVE-2022-26340 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-26340?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.

Vulnerability Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Big-Ip Access Policy Manager	11.6.1
F5	Big-Ip Advanced Firewall Manager	11.6.1
F5	Big-Ip Analytics	11.6.1
F5	Big-Ip Application Acceleration Manager	11.6.1
F5	Big-Ip Application Security Manager	11.6.1
F5	Big-Ip Domain Name System	11.6.1
F5	Big-Ip Fraud Protection Service	11.6.1
F5	Big-Ip Global Traffic Manager	11.6.1
F5	Big-Ip Link Controller	11.6.1
F5	Big-Ip Local Traffic Manager	11.6.1
F5	Big-Ip Policy Enforcement Manager	11.6.1
F5	Big-Iq Centralized Management	>= 7.0.0, <= 7.1.0

Related Weaknesses (CWE)

CWE-732

References

https://support.f5.com/csp/article/K38271531Vendor Advisory
https://support.f5.com/csp/article/K38271531Vendor Advisory

FAQ

What is CVE-2022-26340?

CVE-2022-26340 is a vulnerability with a CVSS score of 4.9 (MEDIUM). On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG...

How severe is CVE-2022-26340?

CVE-2022-26340 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-26340?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.