Threat Advisory: F5 Reports High Severity Vulnerabilities in Multiple Products
Multiple product vulnerabilities were reported by F5, including high, medium, and low severity risk weaknesses, involving multiple conditions that could lead an attacker to exploit F5 services installed on client premises.
|Product Affected||Vulnerable Version||CVE-CVSS Associated||Risk / Details for vulnerability||Recommendations|
|BIG-IP||13.1.0 to 17.0.0||CVE-2022-35243
|High and medium risk vulnerabilities related to multiple attack vector and exploitation processes.||Update systems with latest security patches and review specific recommendations associated with each CVE.|
|NGINX Instance Manager||1.0.0 – 2.0.0||CVE-2022-35241
|Medium risk vulnerabilities related to multiple attack vector and exploitation processes.||Update systems with latest security patches and review specific recommendations associated with each CVE.|
|BIG-IP||13.1.0 to 17.0.0||NA||Attack signature security exposure.||The attack signature check fails to detect and block such requests|
The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. At this time, we recommend applying vendor patches immediately.
The SOD Threat Recon Unit will also keep track of any exploitation tool or PoC (Proof of Concept) that could leverage the vulnerabilities to exploit systems actively. Additionally, the new IoCs and IoAs will be included proactively as part of the monitoring mechanism in the ThreatWatch technology on every service tier.
Please note, we have already contacted you if we have seen anything in your environment related to this vulnerability.
Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.
https://support.f5.com/csp/article/K14649763 – F5 Security Advisory
High Vulnerabilities reported:
- https://support.f5.com/csp/article/K11010341 – K11010341: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
- https://support.f5.com/csp/article/K55580033 – K55580033: iControl REST vulnerability CVE-2022-35728
- https://support.f5.com/csp/article/K93504311 – K93504311: TMM vulnerability CVE-2022-34655
- https://support.f5.com/csp/article/K58235223 – K58235223: BIG-IP APM access policy vulnerability CVE-2022-35245
- https://support.f5.com/csp/article/K28405643 – K28405643: BIG-IP Message Routing MQTT vulnerability CVE-2022-35240
- https://support.f5.com/csp/article/K79933541 – K79933541: HTTP2 profile vulnerability CVE-2022-35236
- https://support.f5.com/csp/article/K59197053 – K59197053: BIG-IP TLS1.3 iRule vulnerability
- https://support.f5.com/csp/article/K16852653 – K16852653: TMM vulnerability CVE-2022-32455
- https://support.f5.com/csp/article/K66510514 – K66510514: TMM vulnerability CVE-2022-34862
- https://support.f5.com/csp/article/K52534925 – K52534925: BIG-IP APM and SSL Orchestrator vulnerability
- https://support.f5.com/csp/article/K90024104 – K90024104: BIG-IP HTTP MRF vulnerability CVE-2022-35272
- https://support.f5.com/csp/article/K13213418 – K13213418: BIG-IP monitor configuration vulnerability CVE-2022-35735
Medium Vulnerabilities reported:
- https://support.f5.com/csp/article/K34893234 – K34893234: BIG-IP APM Appliance mode vulnerability CVE-2022-31473
- https://support.f5.com/csp/article/K80970653 – K80970653: BIG-IP iRules vulnerability CVE-2022-33962
- https://support.f5.com/csp/article/K37080719 – K37080719: NGINX Instance Manager vulnerability CVE-2022-35241
- https://support.f5.com/csp/article/K52125139 – K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535
- https://support.f5.com/csp/article/K34511555 – K34511555: BIG-IP AWS vulnerability CVE-2022-34844
- https://support.f5.com/csp/article/K38893457 – K38893457: BIG-IP DNS TMUI vulnerability CVE-2022-33947
- https://support.f5.com/csp/article/K25046752 – K25046752: Traffic Intelligence feeds vulnerability CVE-2022-34865
- https://support.f5.com/csp/article/K50310001 – K50310001: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34
Low Vulnerabilities reported:
- https://support.f5.com/csp/article/K23465404 – K23465404: BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968
- https://support.f5.com/csp/article/K22251611 – K22251611: Attack signature check security exposure