Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-23032

EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-23032

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
源验证错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 BIG-IP APM 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP APM是美国F5公司的一套访问和安全解决方案。该产品提供统一访问关键业务应用和网络的功能。 F5 BIG-IP APM 存在访问控制错误漏洞,该漏洞源于在 BIG-IP APM 系统的网络访问资源中配置代理设置时,在 Mac 和 Windows 上连接 BIG-IP Edge Client 很容易受到 DNS 重新绑定攻击。DNS 重新绑定允许外部攻击者绕过同源策略。未经身份验证的远程攻击者可以利用此漏洞窃取代理配置详细信息,包括子域信息和内部 IP 地址。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-BIG-IP Edge Client for Mac and Windows All versions before 7.2.1.4 -

II. Public POCs for CVE-2022-23032

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-23032

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-01-25 · 67 CVEs total

CVE-2021-45803MartDevelopers Iresturant SQL注入漏洞
CVE-2021-40159Autodesk Inventor 信息泄露漏洞
CVE-2021-40158Autodesk Inventor 缓冲区错误漏洞
CVE-2021-44988JerryScript 缓冲区错误漏洞
CVE-2021-46483Jsish 缓冲区错误漏洞
CVE-2022-23935exiftool 操作系统命令注入漏洞
CVE-2021-45340libsixel 代码问题漏洞
CVE-2021-45844FreeCad 操作系统命令注入漏洞
CVE-2021-45845FreeCad 操作系统命令注入漏洞
CVE-2021-45802MartDevelopers Iresturant SQL注入漏洞
CVE-2021-46481Jsish 安全漏洞
CVE-2021-46113MartDevelopers KEA-Hotel-ERP 代码问题漏洞
CVE-2021-45846Slic3r 代码问题漏洞
CVE-2021-45847Slic3r 代码问题漏洞
CVE-2021-46089JeecgBoot SQL注入漏洞
CVE-2021-46033ForestBlog 代码问题漏洞
CVE-2021-46034ForestBlog 跨站脚本漏洞
CVE-2021-46086Mindskip xzs-mysql 权限许可和访问控制问题漏洞
CVE-2021-46084Uscat 跨站脚本漏洞
CVE-2021-46083Uscat 跨站脚本漏洞

Showing top 20 of 67 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-346

V. Comments for CVE-2022-23032

No comments yet

Leave a comment