Privilege Escalation in F5 BIG-IP APM Product
CVE-2022-27634

6.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Apm
Vendor: CVE Published:; 5 May 2022

Summary

The BIG-IP APM by F5 Networks contains a vulnerability where specific versions fail to properly validate configurations. This oversight enables an authenticated attacker with high privileges to manipulate the APM policy, potentially leading to privilege escalation or remote code execution. Users of affected versions should prioritize applying updates to mitigate the risk of exploitation.

Affected Version(s)

BIG-IP APM 16.1.x < 16.1.2.2

BIG-IP APM 15.1.x < 15.1.5.1

BIG-IP APM 14.1.x

References

https://support.f5.com/csp/article/K57555833

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Apr 19, 2022