CVE-2022-34844
Vulnerability from cvelistv5
Published
2022-08-04 17:47
Modified
2024-09-16 20:58
Severity ?
EPSS score ?
Summary
BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K34511555 | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| F5 | BIG-IP | |
| F5 | BIG-IQ Centralized Management |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K34511555"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "13.1.x*",
"status": "unaffected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "14.1.x*",
"status": "unaffected",
"version": "14.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.6.1",
"status": "affected",
"version": "15.1.x",
"versionType": "custom"
},
{
"lessThan": "16.1.3.1",
"status": "affected",
"version": "16.1.x",
"versionType": "custom"
},
{
"lessThan": "17.0.x*",
"status": "unaffected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"product": "BIG-IQ Centralized Management",
"vendor": "F5",
"versions": [
{
"lessThan": "7.x*",
"status": "unaffected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "8.x*",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker\u0027s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T17:47:44",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K34511555"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-08-03T14:00:00.000Z",
"ID": "CVE-2022-34844",
"STATE": "PUBLIC",
"TITLE": "BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "!\u003e=",
"version_name": "13.1.x",
"version_value": "13.1.0"
},
{
"version_affected": "!\u003e=",
"version_name": "14.1.x",
"version_value": "14.1.0"
},
{
"version_affected": "\u003c",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "\u003c",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "!\u003e=",
"version_name": "17.0.x",
"version_value": "17.0.0"
}
]
}
},
{
"product_name": "BIG-IQ Centralized Management",
"version": {
"version_data": [
{
"version_affected": "!\u003e=",
"version_name": "7.x",
"version_value": "7.0.0"
},
{
"version_affected": "\u003e=",
"version_name": "8.x",
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker\u0027s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K34511555",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K34511555"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2022-34844",
"datePublished": "2022-08-04T17:47:44.666161Z",
"dateReserved": "2022-07-19T00:00:00",
"dateUpdated": "2024-09-16T20:58:07.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-34844\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2022-08-04T18:15:10.180\",\"lastModified\":\"2022-08-10T23:46:26.420\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker\u0027s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"En BIG-IP versiones 16.1.x anteriores a 16.1.3.1 y 15.1.x anteriores a 15.1.6.1, y en todas las versiones de BIG-IQ 8.x, cuando es usado el controlador Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) con BIG-IP o BIG-IQ en sistemas de Amazon Web Services (AWS), el tr\u00e1fico no revelado puede causar la terminaci\u00f3n del Traffic Management Microkernel (TMM). La explotaci\u00f3n con \u00e9xito depende de condiciones fuera del control del atacante. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas no son evaluadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"160570FB-7707-4362-90B0-F8C8FE8BA38B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"AE0DB896-63DC-4622-A4DA-5B77A919EDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"1FADD47D-1A4C-430F-B7C7-763F72893824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"EE0CE38A-7167-4DE4-BB9D-CD6DF81FE0F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"2728406D-E27A-4434-BC3B-4D844F0E7BA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"1BC32350-1D2B-4284-941B-8B98305C45F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"5E7BD4CE-189E-4CA9-BE66-14A9CED7B63B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"83ACDEF1-CF4F-41BF-B256-EA7198BB9208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"1E51349F-E198-4643-A10D-6C1D35E10F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"179FECCD-2795-4194-BED0-18CFEF792E9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"FDC0EE80-B537-4061-8D25-7BEE1A8191DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"37684CEC-10C0-4B3C-B8F1-BBAAF3C08B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"2E49DAA0-9716-4D3A-87D4-CE55E6480CE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"58B1F7D1-80E2-4C5E-967C-C48244BA7B43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"C92185E0-F49B-41E2-815C-93C5643C2CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"4FE45D7A-BBB1-41AB-B980-B0BE9A3B5E83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"EC49DC01-B0B5-41DF-8B8B-CCE0AED8748C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"6A57376D-044D-46E4-9702-ECEF1F8A6380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"D0E7A929-53FF-482D-9935-E3B2E6C9D174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"330DF580-A2F8-43A9-A73A-18DAE744352A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.6.1\",\"matchCriteriaId\":\"4DCF4D67-ECC3-4808-AF91-CA2BE17E5E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.3.1\",\"matchCriteriaId\":\"EA2E069B-1FD5-48BE-9468-9C70C2BC30C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B589C35-55F2-4D40-B5A6-8267EE20D627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA0B396A-B5CE-4337-A33A-EF58C4589CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"756F8EDF-6F87-4C6D-B2DB-ED97F799C27F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99D94840-8F62-4232-89F0-A83313AD418A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-iq_centralized_management:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1316A43D-B002-4D27-A89B-63C6F827B722\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K34511555\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.