BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691
CVE-2022-41691

7.5HIGH

Key Information:

Vendor

F5
Status
Big-ip Advanced Waf & Asm
Vendor
CVE Published:
19 October 2022

What is CVE-2022-41691?

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

Affected Version(s)

BIG-IP Advanced WAF & ASM 14.1.x < 14.1.5.2

BIG-IP Advanced WAF & ASM 17.0.0 < 17.0.x*

BIG-IP Advanced WAF & ASM 16.1.x

References

https://support.f5.com/csp/article/K02694732

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered internally by F5.
.