CVE-2022-34851— BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-34851
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851
Source: NVD (National Vulnerability Database)
Vulnerability Description
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 BIG-IP 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP存在输入验证错误漏洞,经过身份验证的攻击者可能会通过未公开的请求导致 iControl SOAP 变得不可用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| F5 | BIG-IP | 13.1.0 ~ 13.1.x* | - | |
| F5 | BIG-IQ Centralized Management | 7.0.0 ~ 7.x* | - |
II. Public POCs for CVE-2022-34851
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-34851
请登录查看更多情报信息。
- https://support.f5.com/csp/article/K50310001x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-34851
Same Patch Batch · F5 · 2022-08-04 · 21 CVEs total
| CVE-2022-35243 | 8.7 HIGH | Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243 |
| CVE-2022-35728 | 8.1 HIGH | iControl REST vulnerability CVE-2022-35728 |
| CVE-2022-35272 | 7.5 HIGH | BIG-IP HTTP MRF vulnerability CVE-2022-35272 |
| CVE-2022-35245 | 7.5 HIGH | BIG-IP APM access policy vulnerability CVE-2022-35245 |
| CVE-2022-35240 | 7.5 HIGH | BIG-IP Message Routing MQTT vulnerability CVE-2022-35240 |
| CVE-2022-35236 | 7.5 HIGH | HTTP2 profile vulnerability CVE-2022-35236 |
| CVE-2022-34862 | 7.5 HIGH | TMM vulnerability CVE-2022-34862 |
| CVE-2022-32455 | 7.5 HIGH | TMM vulnerability CVE-2022-32455 |
| CVE-2022-34655 | 7.5 HIGH | TMM vulnerability CVE-2022-34655 |
| CVE-2022-34651 | 7.5 HIGH | BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651 |
| CVE-2022-33203 | 7.5 HIGH | BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203 |
| CVE-2022-35735 | 7.2 HIGH | BIG-IP monitor configuration vulnerability CVE-2022-35735 |
| CVE-2022-31473 | 6.8 MEDIUM | BIG-IP APM Appliance mode vulnerability CVE-2022-31473 |
| CVE-2022-33962 | 6.7 MEDIUM | BIG-IP iRule vulnerability CVE-2022-33962 |
| CVE-2022-30535 | 6.5 MEDIUM | NGINX Ingress Controller vulnerability CVE-2022-30535 |
| CVE-2022-35241 | 6.5 MEDIUM | NGINX Instance Manager vulnerability CVE-2022-35241 |
| CVE-2022-34844 | 5.9 MEDIUM | BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844 |
| CVE-2022-33947 | 5.4 MEDIUM | BIG-IP DNS TMUI Vulnerability CVE-2022-33947 |
| CVE-2022-34865 | 4.8 MEDIUM | Traffic intelligence feeds vulnerability CVE-2022-34865 |
| CVE-2022-33968 | 3.7 LOW | BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968 |
IV. Related Vulnerabilities
V. Comments for CVE-2022-34851
No comments yet