- 174/2022
- High
F5 has released security patches for August 2022 to address several vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system, disclose information, escalate privileges and cause a denial of service.
The addressed vulnerabilities could allow the remote authenticated attacker to take control of the affected system, disclose information, escalate privileges and cause a denial of service.
Samples of the addressed vulnerabilities:
- F5 BIG-IP security bypass (CVE-2022-35243):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
- F5 BIG-IP denial of service (CVE-2022-34655):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.
https://support.f5.com/csp/article/K14649763