Vulnerability Description
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows the attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Advanced Firewall Manager | 13.1.0 |
References
- https://support.f5.com/csp/article/K08510472 (Vendor Advisory)
FAQ
What is CVE-2022-28695?
CVE-2022-28695 is a vulnerability with a CVSS score of 7.2 (HIGH). On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privi...
How severe is CVE-2022-28695?
CVE-2022-28695 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-28695?
Check the references section above for vendor advisories and patch information. Affected products include: F5 BIG-IP Advanced Firewall Manager.