DOM-Based Cross-Site Scripting Vulnerability in BIG-IP DNS & GTM by F5 Networks
CVE-2022-23013

8.8HIGH

Key Information:

Vendor: F5
Status: Big-ip Dns & Gtm
Vendor: CVE Published:; 25 January 2022

What is CVE-2022-23013?

A DOM-based cross-site scripting (XSS) vulnerability has been identified in the BIG-IP Configuration utility of F5 Networks’ BIG-IP DNS and GTM products. This vulnerability enables an attacker to execute malicious JavaScript code within the context of the browser session of an authenticated user, potentially leading to unauthorized access and data manipulation. It affects specific versions of the software, with older versions reaching an end of technical support not being evaluated for this issue.

Affected Version(s)

BIG-IP DNS & GTM 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x

References

https://support.f5.com/csp/article/K29500533

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jan 10, 2022