What is CVE-2022-25946?

CVE-2022-25946 is a high-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Improper Validation of Integrity Check Value. CVSS score: 8.7/10. Published 2022-05-05.

How severe is CVE-2022-25946?

High severity. CVSS v3 base score is 8.7 out of 10.

Vulnerability in F5 Big-ip_access_policy_manager

CVE-2022-25946

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker wit…

EPSS: 0.004 (29.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.

Affected products

F5 Big-ip_access_policy_manager — versions 13.1.0, 13.1.1, 13.1.3
F5 Big-ip (Advanced Waf, Apm, Asm) — versions 16.1.x, 15.1.x, 14.1.x
F5 Big-ip_advanced_web_application_firewall — versions 13.1.0, 13.1.1, 13.1.3
F5 Big-ip_application_security_manager — versions 13.1.0, 13.1.1, 13.1.3
F5 Big-ip_guided_configuration
F5 Big-ip Guided Configuration (Gc) — versions All

Weakness classification (CWE)

CWE-354 — Improper Validation of Integrity Check Value

References

f5sirt@f5.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2022-25946?: CVE-2022-25946 is a high-severity vulnerability in F5 Big-ip_access_policy_manager, classified under Improper Validation of Integrity Check Value. CVSS score: 8.7/10. Published 2022-05-05.
How severe is CVE-2022-25946?: High severity. CVSS v3 base score is 8.7 out of 10.