GSD-2022-35735
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-35735",
"description": "In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GSD-2022-35735"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-35735"
],
"details": "In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GSD-2022-35735",
"modified": "2023-12-13T01:19:33.355334Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-08-03T14:00:00.000Z",
"ID": "CVE-2022-35735",
"STATE": "PUBLIC",
"TITLE": "BIG-IP monitor configuration vulnerability CVE-2022-35735"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "13.1.x",
"version_value": "13.1.0"
},
{
"version_affected": "\u003c",
"version_name": "14.1.x",
"version_value": "14.1.5.1"
},
{
"version_affected": "\u003c",
"version_name": "15.1.x",
"version_value": "15.1.6.1"
},
{
"version_affected": "\u003c",
"version_name": "16.1.x",
"version_value": "16.1.3.1"
},
{
"version_affected": "!\u003e=",
"version_name": "17.0.x",
"version_value": "17.0.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K13213418",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K13213418"
}
]
},
"source": {
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.5.1",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.6.1",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.3.1",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2022-35735"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K13213418",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K13213418"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-08-10T19:26Z",
"publishedDate": "2022-08-04T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…