BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851
CVE-2022-34851

4.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip; Big-iq Centralized Management
Vendor: CVE Published:; 4 August 2022

Summary

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

BIG-IP 13.1.0 < 13.1.x*

BIG-IP 14.1.x < 14.1.5.1

BIG-IP 15.1.x < 15.1.6.1

References

https://support.f5.com/csp/article/K50310001

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 4, 2022
Vulnerability Reserved
Jul 19, 2022

Credit

F5 acknowledges the KITRI BOB Team for bringing this issue to our attention and following the highest standards of coordinated disclosure. KITRI BOB Team: Jeong Su Hwan, Kim Dong Jun, Jung Min Woo, Jang Min Ki, Lee Jung Woo, Heo Seung Hwan