CVE-2022-41617 - Vulnerability Details - OpenCVE

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
F5	Big-ip Advanced Web Application Firewall Big-ip Application Security Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::

No data.

References

Link	Providers
https://support.f5.com/csp/article/K11830089

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.02586}`	epss `{'score': 0.03412}`

Thu, 08 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2022-10-19T21:19:03.589Z

Updated: 2025-05-08T18:15:10.941Z

Reserved: 2022-09-30T00:00:00.000Z

Link: CVE-2022-41617

Vulnrichment

Updated: 2024-08-03T12:49:43.268Z

NVD

Status : Modified

Published: 2022-10-19T22:15:12.333

Modified: 2024-11-21T07:23:30.390

Link: CVE-2022-41617

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41617", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "datePublished": "2022-10-19T21:19:03.589Z", "dateUpdated": "2025-05-08T18:15:10.941Z", "dateReserved": "2022-09-30T00:00:00.000Z"}, "containers": {"cna": {"title": "BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617", "datePublic": "2022-10-19T00:00:00.000Z", "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2022-10-19T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface."}], "affected": [{"vendor": "F5", "product": "BIG-IP Advanced WAF & ASM", "versions": [{"version": "17.0.0", "status": "unaffected", "lessThan": "17.0.x*", "versionType": "custom"}, {"version": "16.1.x", "status": "affected", "lessThan": "16.1.3.1", "versionType": "custom"}, {"version": "15.1.x", "status": "affected", "lessThan": "15.1.6.1", "versionType": "custom"}, {"version": "14.1.x", "status": "affected", "lessThan": "14.1.5.1", "versionType": "custom"}, {"version": "13.1.x", "status": "affected", "lessThan": "13.1.5.1", "versionType": "custom"}]}], "references": [{"url": "https://support.f5.com/csp/article/K11830089"}], "credits": [{"lang": "en", "value": "This issue was discovered internally by F5."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "cweId": "CWE-77"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.268Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.f5.com/csp/article/K11830089", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T18:15:03.458536Z", "id": "CVE-2022-41617", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T18:15:10.941Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.f5.com/csp/article/K11830089", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.268Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41617", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-08T18:15:03.458536Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T18:15:07.276Z"}}], "cna": {"title": "BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "value": "This issue was discovered internally by F5."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "F5", "product": "BIG-IP Advanced WAF & ASM", "versions": [{"status": "unaffected", "version": "17.0.0", "lessThan": "17.0.x*", "versionType": "custom"}, {"status": "affected", "version": "16.1.x", "lessThan": "16.1.3.1", "versionType": "custom"}, {"status": "affected", "version": "15.1.x", "lessThan": "15.1.6.1", "versionType": "custom"}, {"status": "affected", "version": "14.1.x", "lessThan": "14.1.5.1", "versionType": "custom"}, {"status": "affected", "version": "13.1.x", "lessThan": "13.1.5.1", "versionType": "custom"}]}], "datePublic": "2022-10-19T00:00:00.000Z", "references": [{"url": "https://support.f5.com/csp/article/K11830089"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2022-10-19T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41617", "state": "PUBLISHED", "dateUpdated": "2025-05-08T18:15:10.941Z", "dateReserved": "2022-09-30T00:00:00.000Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2022-10-19T21:19:03.589Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "625271D0-BEC2-4C5D-9FBF-02BAECC09623", "versionEndExcluding": "13.1.5.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "347F77D0-D727-4851-94AD-D624A4655B11", "versionEndExcluding": "14.1.5.1", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E436AE2-6440-49EF-BCC3-D69F6931386E", "versionEndExcluding": "15.1.6.1", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1256CDF-2016-468E-B44B-5D2E7F487361", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "87CE70BA-48FA-4DFD-A2C2-2A91578E38CC", "versionEndExcluding": "13.1.5.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4FFADE1-6D10-412B-84F2-AD6895EF8196", "versionEndExcluding": "14.1.5.1", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E51349F-E198-4643-A10D-6C1D35E10F0D", "versionEndExcluding": "15.1.6.1", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "179FECCD-2795-4194-BED0-18CFEF792E9F", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface."}, {"lang": "es", "value": "En versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es aprovisionado el m\u00f3dulo Advanced WAF / ASM, se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto autenticado en la interfaz REST de BIG-IP iControl"}], "id": "CVE-2022-41617", "lastModified": "2024-11-21T07:23:30.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-19T22:15:12.333", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K11830089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K11830089"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "f5sirt@f5.com", "type": "Secondary"}]}