Data Upload Vulnerability in BIG-IP ASM and Advanced WAF by F5 Networks
CVE-2022-23026
4.3 MEDIUM
Summary
In specific versions of F5 Networks' BIG-IP ASM and Advanced WAF, an authenticated user with minimal privileges can upload data via an undisclosed REST endpoint. The uploaded data increases disk resource utilization, potentially impacting system performance. The issue affects multiple versions, underscoring the importance of updating to supported releases. Versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.
Affected Version(s)
BIG-IP ASM & Advanced WAF 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved