What is CVE-2022-29479?

CVE-2022-29479 is a medium-severity vulnerability in F5 Big-ip, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2022-05-05.

How severe is CVE-2022-29479?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2022-29479 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in F5 Big-ip

CVE-2022-29479

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.009 (75.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

F5 Big-ip — versions 12.1.x, 11.6.x, 17.0.0
F5 Big-iq Centralized Management — versions 8.x, 7.x

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

karimhabush/cyberowl

References

support.f5.com/csp/article/K64124988 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-29479?: CVE-2022-29479 is a medium-severity vulnerability in F5 Big-ip, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2022-05-05.
How severe is CVE-2022-29479?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2022-29479 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.