DOM-Based Cross-Site Scripting Vulnerability in BIG-IP DNS & GTM by F5 Networks
CVE-2022-23013

8.8HIGH

Key Information:

Vendor: F5
Status: Big-ip Dns & Gtm
Vendor: CVE Published:; 25 January 2022

What is CVE-2022-23013?

A DOM-based cross-site scripting (XSS) vulnerability has been identified in the BIG-IP Configuration utility of F5 Networks’ BIG-IP DNS and GTM products. This vulnerability enables an attacker to execute malicious JavaScript code within the context of the browser session of an authenticated user, potentially leading to unauthorized access and data manipulation. It affects specific versions of the software, with older versions reaching an end of technical support not being evaluated for this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP DNS & GTM 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x

References

https://support.f5.com/csp/article/K29500533

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jan 10, 2022

JSON

F5

What is CVE-2022-23013?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.