Threat Advisory: F5 Reports High Severity Vulnerabilities in Multiple Products
Event Summary
F5 reported multiple vulnerabilities across its products, rated high, medium, and low severity, that under various conditions could allow an attacker to exploit F5 services installed on client premises.
Details
| Product Affected | Vulnerable Version | Associated CVE / CVSS | Risk / Vulnerability Details | Recommendations |
|---|---|---|---|---|
| BIG-IP | 13.1.0 to 17.0.0 | CVE-2022-35243, CVE-2022-35728, CVE-2022-34655, CVE-2022-35245, CVE-2022-35240, CVE-2022-35236, CVE-2022-34651, CVE-2022-32455, CVE-2022-34862, CVE-2022-33203, CVE-2022-35272, CVE-2022-35735, CVE-2022-31473, CVE-2022-33962, CVE-2022-34844, CVE-2022-33947, CVE-2022-34865, CVE-2022-34851 | High and medium risk vulnerabilities related to multiple attack vectors and exploitation processes. | Update systems with the latest security patches and review the specific recommendations associated with each CVE. |
| NGINX Instance Manager | 1.0.0 – 2.0.0 | CVE-2022-35241, CVE-2022-30535 | Medium risk vulnerabilities related to multiple attack vectors and exploitation processes. | Update systems with the latest security patches and review the specific recommendations associated with each CVE. |
| BIG-IP | 13.1.0 to 17.0.0 | NA | Attack signature security exposure. | The attack signature check fails to detect and block such requests. |
SOD Actions
The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. At this time, we recommend applying vendor patches immediately.
The SOD Threat Recon Unit will also track any exploitation tool or PoC (Proof of Concept) that could be used to actively exploit these vulnerabilities. Additionally, new IoCs and IoAs will be proactively included in the monitoring mechanism of the ThreatWatch technology on every service tier.
Please note, we have already contacted you if we have seen anything in your environment related to these vulnerabilities.
Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.
Resources
https://support.f5.com/csp/article/K14649763 – F5 Security Advisory
High-severity vulnerabilities reported:
- https://support.f5.com/csp/article/K11010341 – K11010341: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
- https://support.f5.com/csp/article/K55580033 – K55580033: iControl REST vulnerability CVE-2022-35728
- https://support.f5.com/csp/article/K93504311 – K93504311: TMM vulnerability CVE-2022-34655
- https://support.f5.com/csp/article/K58235223 – K58235223: BIG-IP APM access policy vulnerability CVE-2022-35245
- https://support.f5.com/csp/article/K28405643 – K28405643: BIG-IP Message Routing MQTT vulnerability CVE-2022-35240
- https://support.f5.com/csp/article/K79933541 – K79933541: HTTP2 profile vulnerability CVE-2022-35236
- https://support.f5.com/csp/article/K59197053 – K59197053: BIG-IP TLS1.3 iRule vulnerability
- https://support.f5.com/csp/article/K16852653 – K16852653: TMM vulnerability CVE-2022-32455
- https://support.f5.com/csp/article/K66510514 – K66510514: TMM vulnerability CVE-2022-34862
- https://support.f5.com/csp/article/K52534925 – K52534925: BIG-IP APM and SSL Orchestrator vulnerability
- https://support.f5.com/csp/article/K90024104 – K90024104: BIG-IP HTTP MRF vulnerability CVE-2022-35272
- https://support.f5.com/csp/article/K13213418 – K13213418: BIG-IP monitor configuration vulnerability CVE-2022-35735
Medium-severity vulnerabilities reported:
- https://support.f5.com/csp/article/K34893234 – K34893234: BIG-IP APM Appliance mode vulnerability CVE-2022-31473
- https://support.f5.com/csp/article/K80970653 – K80970653: BIG-IP iRules vulnerability CVE-2022-33962
- https://support.f5.com/csp/article/K37080719 – K37080719: NGINX Instance Manager vulnerability CVE-2022-35241
- https://support.f5.com/csp/article/K52125139 – K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535
- https://support.f5.com/csp/article/K34511555 – K34511555: BIG-IP AWS vulnerability CVE-2022-34844
- https://support.f5.com/csp/article/K38893457 – K38893457: BIG-IP DNS TMUI vulnerability CVE-2022-33947
- https://support.f5.com/csp/article/K25046752 – K25046752: Traffic Intelligence feeds vulnerability CVE-2022-34865
- https://support.f5.com/csp/article/K50310001 – K50310001: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34
Low-severity vulnerabilities reported:
- https://support.f5.com/csp/article/K23465404 – K23465404: BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968
Security Exposure:
- https://support.f5.com/csp/article/K22251611 – K22251611: Attack signature check security exposure