QID 376343

QID 376343: F5 BIG-IP Application Security Manager (ASM) and Advanced Web Application Firewall (WAF) REST API endpoint Vulnerability (K08402414)

An authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization.CVE-2022-23026

Vulnerable Component: BIG-IP ASM

Affected Versions:
16.0.0 - 16.1.1
15.1.0 - 15.1.4
14.1.0 - 14.1.4
13.1.0 - 13.1.4
12.1.0 - 12.1.6

QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

An authenticated user with low privileges, such as a guest, may exploit this vulnerability to increase disk utilization, which may cause the Configuration utility to fail to function as expected. There is no data plane exposure; this is a control plane issue only.

  • CVSS V3 rated as High - 6.2 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
  • Solution
    The vendor has released patch, for more information please visit: K08402414
    Vendor References

    CVEs related to QID 376343

    Software Advisories
    Advisory ID Software Component Link
    K08402414 URL Logo support.f5.com/csp/article/K08402414