CVE Vulnerabilities

CVE-2022-27659

Improper Privilege Management

Published: May 05, 2022 | Modified: May 13, 2022
CVSS 3.x: 4.3 MEDIUM
Source: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x: 4 MEDIUM
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Big-ip_access_policy_manager F5 14.1.0 14.1.0
Big-ip_advanced_firewall_manager F5 14.1.0 14.1.0
Big-ip_application_acceleration_manager F5 14.1.0 14.1.0
Big-ip_link_controller F5 14.1.0 14.1.0
Big-ip_policy_enforcement_manager F5 14.1.0 14.1.0
Big-ip_local_traffic_manager F5 14.1.0 14.1.0
Big-ip_analytics F5 14.1.0 14.1.0
Big-ip_application_security_manager F5 14.1.0 14.1.0
Big-ip_domain_name_system F5 14.1.0 14.1.0
Big-ip_global_traffic_manager F5 14.1.0 14.1.0
Big-ip_fraud_protection_service F5 14.1.0 14.1.0
Big-ip_application_acceleration_manager F5 15.1.0 15.1.0
Big-ip_local_traffic_manager F5 15.1.0 15.1.0
Big-ip_advanced_firewall_manager F5 15.1.0 15.1.0
Big-ip_policy_enforcement_manager F5 15.1.0 15.1.0
Big-ip_link_controller F5 15.1.0 15.1.0
Big-ip_global_traffic_manager F5 15.1.0 15.1.0
Big-ip_fraud_protection_service F5 15.1.0 15.1.0
Big-ip_domain_name_system F5 15.1.0 15.1.0
Big-ip_application_security_manager F5 15.1.0 15.1.0
Big-ip_access_policy_manager F5 15.1.0 15.1.0
Big-ip_analytics F5 15.1.0 15.1.0
Big-ip_access_policy_manager F5 14.1.4 14.1.4
Big-ip_advanced_firewall_manager F5 14.1.4 14.1.4
Big-ip_analytics F5 14.1.4 14.1.4
Big-ip_application_acceleration_manager F5 14.1.4 14.1.4
Big-ip_application_security_manager F5 14.1.4 14.1.4
Big-ip_domain_name_system F5 14.1.4 14.1.4
Big-ip_fraud_protection_service F5 14.1.4 14.1.4
Big-ip_local_traffic_manager F5 14.1.4 14.1.4
Big-ip_policy_enforcement_manager F5 14.1.4 14.1.4
Big-ip_global_traffic_manager F5 14.1.4 14.1.4
Big-ip_link_controller F5 14.1.4 14.1.4
Big-ip_application_acceleration_manager F5 16.1.0 16.1.0
Big-ip_access_policy_manager F5 16.1.0 16.1.0
Big-ip_advanced_firewall_manager F5 16.1.0 16.1.0
Big-ip_application_security_manager F5 16.1.0 16.1.0
Big-ip_domain_name_system F5 16.1.0 16.1.0
Big-ip_fraud_protection_service F5 16.1.0 16.1.0
Big-ip_global_traffic_manager F5 16.1.0 16.1.0
Big-ip_link_controller F5 16.1.0 16.1.0
Big-ip_local_traffic_manager F5 16.1.0 16.1.0
Big-ip_policy_enforcement_manager F5 16.1.0 16.1.0
Big-ip_advanced_firewall_manager F5 16.1.2 16.1.2
Big-ip_advanced_firewall_manager F5 16.1.1 16.1.1
Big-ip_advanced_firewall_manager F5 15.1.5 15.1.5
Big-ip_advanced_firewall_manager F5 15.1.4 15.1.4
Big-ip_advanced_firewall_manager F5 15.1.3 15.1.3
Big-ip_advanced_firewall_manager F5 15.1.2 15.1.2
Big-ip_advanced_firewall_manager F5 15.1.1 15.1.1
Big-ip_advanced_firewall_manager F5 14.1.3 14.1.3
Big-ip_advanced_firewall_manager F5 14.1.2 14.1.2
Big-ip_access_policy_manager F5 16.1.2 16.1.2
Big-ip_access_policy_manager F5 16.1.1 16.1.1
Big-ip_access_policy_manager F5 15.1.5 15.1.5
Big-ip_access_policy_manager F5 15.1.4 15.1.4
Big-ip_access_policy_manager F5 15.1.3 15.1.3
Big-ip_access_policy_manager F5 15.1.2 15.1.2
Big-ip_access_policy_manager F5 15.1.1 15.1.1
Big-ip_access_policy_manager F5 14.1.3 14.1.3
Big-ip_access_policy_manager F5 14.1.2 14.1.2
Big-ip_analytics F5 16.1.2 16.1.2
Big-ip_analytics F5 16.1.1 16.1.1
Big-ip_analytics F5 16.1.0 16.1.0
Big-ip_analytics F5 15.1.5 15.1.5
Big-ip_analytics F5 15.1.4 15.1.4
Big-ip_analytics F5 15.1.3 15.1.3
Big-ip_analytics F5 15.1.2 15.1.2
Big-ip_analytics F5 15.1.1 15.1.1
Big-ip_analytics F5 14.1.3 14.1.3
Big-ip_analytics F5 14.1.2 14.1.2
Big-ip_application_security_manager F5 16.1.2 16.1.2
Big-ip_application_security_manager F5 16.1.1 16.1.1
Big-ip_application_security_manager F5 15.1.5 15.1.5
Big-ip_application_security_manager F5 15.1.4 15.1.4
Big-ip_application_security_manager F5 15.1.3 15.1.3
Big-ip_application_security_manager F5 15.1.2 15.1.2
Big-ip_application_security_manager F5 15.1.1 15.1.1
Big-ip_application_security_manager F5 14.1.3 14.1.3
Big-ip_application_security_manager F5 14.1.2 14.1.2
Big-ip_application_acceleration_manager F5 16.1.2 16.1.2
Big-ip_application_acceleration_manager F5 16.1.1 16.1.1
Big-ip_application_acceleration_manager F5 15.1.5 15.1.5
Big-ip_application_acceleration_manager F5 15.1.4 15.1.4
Big-ip_application_acceleration_manager F5 15.1.3 15.1.3
Big-ip_application_acceleration_manager F5 15.1.2 15.1.2
Big-ip_application_acceleration_manager F5 15.1.1 15.1.1
Big-ip_application_acceleration_manager F5 14.1.3 14.1.3
Big-ip_application_acceleration_manager F5 14.1.2 14.1.2
Big-ip_policy_enforcement_manager F5 16.1.2 16.1.2
Big-ip_policy_enforcement_manager F5 16.1.1 16.1.1
Big-ip_policy_enforcement_manager F5 15.1.5 15.1.5
Big-ip_policy_enforcement_manager F5 15.1.4 15.1.4
Big-ip_policy_enforcement_manager F5 15.1.3 15.1.3
Big-ip_policy_enforcement_manager F5 15.1.2 15.1.2
Big-ip_policy_enforcement_manager F5 15.1.1 15.1.1
Big-ip_policy_enforcement_manager F5 14.1.3 14.1.3
Big-ip_policy_enforcement_manager F5 14.1.2 14.1.2
Big-ip_local_traffic_manager F5 16.1.2 16.1.2
Big-ip_local_traffic_manager F5 16.1.1 16.1.1
Big-ip_local_traffic_manager F5 15.1.5 15.1.5
Big-ip_local_traffic_manager F5 15.1.4 15.1.4
Big-ip_local_traffic_manager F5 15.1.3 15.1.3
Big-ip_local_traffic_manager F5 15.1.2 15.1.2
Big-ip_local_traffic_manager F5 15.1.1 15.1.1
Big-ip_local_traffic_manager F5 14.1.3 14.1.3
Big-ip_local_traffic_manager F5 14.1.2 14.1.2
Big-ip_link_controller F5 16.1.2 16.1.2
Big-ip_link_controller F5 16.1.1 16.1.1
Big-ip_link_controller F5 15.1.5 15.1.5
Big-ip_link_controller F5 15.1.4 15.1.4
Big-ip_link_controller F5 15.1.3 15.1.3
Big-ip_link_controller F5 15.1.2 15.1.2
Big-ip_link_controller F5 15.1.1 15.1.1
Big-ip_link_controller F5 14.1.3 14.1.3
Big-ip_link_controller F5 14.1.2 14.1.2
Big-ip_global_traffic_manager F5 16.1.2 16.1.2
Big-ip_global_traffic_manager F5 16.1.1 16.1.1
Big-ip_global_traffic_manager F5 15.1.5 15.1.5
Big-ip_global_traffic_manager F5 15.1.4 15.1.4
Big-ip_global_traffic_manager F5 15.1.3 15.1.3
Big-ip_global_traffic_manager F5 15.1.2 15.1.2
Big-ip_global_traffic_manager F5 15.1.1 15.1.1
Big-ip_global_traffic_manager F5 14.1.3 14.1.3
Big-ip_global_traffic_manager F5 14.1.2 14.1.2
Big-ip_fraud_protection_service F5 16.1.2 16.1.2
Big-ip_fraud_protection_service F5 16.1.1 16.1.1
Big-ip_fraud_protection_service F5 15.1.5 15.1.5
Big-ip_fraud_protection_service F5 15.1.4 15.1.4
Big-ip_fraud_protection_service F5 15.1.3 15.1.3
Big-ip_fraud_protection_service F5 15.1.2 15.1.2
Big-ip_fraud_protection_service F5 15.1.1 15.1.1
Big-ip_fraud_protection_service F5 14.1.3 14.1.3
Big-ip_fraud_protection_service F5 14.1.2 14.1.2
Big-ip_domain_name_system F5 16.1.2 16.1.2
Big-ip_domain_name_system F5 16.1.1 16.1.1
Big-ip_domain_name_system F5 15.1.5 15.1.5
Big-ip_domain_name_system F5 15.1.4 15.1.4
Big-ip_domain_name_system F5 15.1.3 15.1.3
Big-ip_domain_name_system F5 15.1.2 15.1.2
Big-ip_domain_name_system F5 15.1.1 15.1.1
Big-ip_domain_name_system F5 14.1.3 14.1.3
Big-ip_domain_name_system F5 14.1.2 14.1.2
