CVE-2022-28695 | Vulnerability Database | Aqua Security

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected Software

Name	Vendor	Start Version	End Version
Big-ip_advanced_firewall_manager	F5	13.1.0 (including)	13.1.0 (including)
Big-ip_advanced_firewall_manager	F5	13.1.1 (including)	13.1.1 (including)
Big-ip_advanced_firewall_manager	F5	13.1.3 (including)	13.1.3 (including)
Big-ip_advanced_firewall_manager	F5	13.1.4 (including)	13.1.4 (including)
Big-ip_advanced_firewall_manager	F5	13.1.5 (including)	13.1.5 (including)
Big-ip_advanced_firewall_manager	F5	14.1.0 (including)	14.1.0 (including)
Big-ip_advanced_firewall_manager	F5	14.1.2 (including)	14.1.2 (including)
Big-ip_advanced_firewall_manager	F5	14.1.3 (including)	14.1.3 (including)
Big-ip_advanced_firewall_manager	F5	14.1.4 (including)	14.1.4 (including)
Big-ip_advanced_firewall_manager	F5	15.1.0 (including)	15.1.0 (including)
Big-ip_advanced_firewall_manager	F5	15.1.1 (including)	15.1.1 (including)
Big-ip_advanced_firewall_manager	F5	15.1.2 (including)	15.1.2 (including)
Big-ip_advanced_firewall_manager	F5	15.1.3 (including)	15.1.3 (including)
Big-ip_advanced_firewall_manager	F5	15.1.4 (including)	15.1.4 (including)
Big-ip_advanced_firewall_manager	F5	15.1.5 (including)	15.1.5 (including)
Big-ip_advanced_firewall_manager	F5	16.1.0 (including)	16.1.0 (including)
Big-ip_advanced_firewall_manager	F5	16.1.1 (including)	16.1.1 (including)
Big-ip_advanced_firewall_manager	F5	16.1.2 (including)	16.1.2 (including)
Big-ip_advanced_firewall_manager	F5	17.0.0 (including)	17.0.0 (including)

References

https://support.f5.com/csp/article/K08510472

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-28695
CWE	https://cwe.mitre.org/data/definitions/.html