Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-27806

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

  • Published: May 5, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-27806
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
f5 / big-ip_access_policy_manager 13.1.0 13.1.0.x
f5 / big-ip_application_security_manager 13.1.0 13.1.0.x
f5 / big-ip_access_policy_manager 14.1.0 14.1.0.x
f5 / big-ip_application_security_manager 14.1.0 14.1.0.x
f5 / big-ip_application_security_manager 15.1.0 15.1.0.x
f5 / big-ip_access_policy_manager 15.1.0 15.1.0.x
f5 / big-ip_advanced_web_application_firewall 15.1.0 15.1.0.x
f5 / big-ip_access_policy_manager 14.1.4 14.1.4.x
f5 / big-ip_advanced_web_application_firewall 14.1.4 14.1.4.x
f5 / big-ip_application_security_manager 14.1.4 14.1.4.x
f5 / big-ip_advanced_web_application_firewall 16.1.0 16.1.0.x
f5 / big-ip_access_policy_manager 16.1.0 16.1.0.x
f5 / big-ip_application_security_manager 16.1.0 16.1.0.x
f5 / big-ip_access_policy_manager 16.1.2 16.1.2.x
f5 / big-ip_access_policy_manager 16.1.1 16.1.1.x
f5 / big-ip_access_policy_manager 15.1.5 15.1.5.x
f5 / big-ip_access_policy_manager 15.1.4 15.1.4.x
f5 / big-ip_access_policy_manager 15.1.3 15.1.3.x
f5 / big-ip_access_policy_manager 15.1.2 15.1.2.x
f5 / big-ip_access_policy_manager 15.1.1 15.1.1.x
f5 / big-ip_access_policy_manager 14.1.3 14.1.3.x
f5 / big-ip_access_policy_manager 14.1.2 14.1.2.x
f5 / big-ip_access_policy_manager 13.1.5 13.1.5.x
f5 / big-ip_access_policy_manager 13.1.4 13.1.4.x
f5 / big-ip_access_policy_manager 13.1.3 13.1.3.x
f5 / big-ip_access_policy_manager 13.1.1 13.1.1.x
f5 / big-ip_application_security_manager 16.1.2 16.1.2.x
f5 / big-ip_application_security_manager 16.1.1 16.1.1.x
f5 / big-ip_application_security_manager 15.1.5 15.1.5.x
f5 / big-ip_application_security_manager 15.1.4 15.1.4.x
f5 / big-ip_application_security_manager 15.1.3 15.1.3.x
f5 / big-ip_application_security_manager 15.1.2 15.1.2.x
f5 / big-ip_application_security_manager 15.1.1 15.1.1.x
f5 / big-ip_application_security_manager 14.1.3 14.1.3.x
f5 / big-ip_application_security_manager 14.1.2 14.1.2.x
f5 / big-ip_application_security_manager 13.1.5 13.1.5.x
f5 / big-ip_application_security_manager 13.1.4 13.1.4.x
f5 / big-ip_application_security_manager 13.1.3 13.1.3.x
f5 / big-ip_application_security_manager 13.1.1 13.1.1.x
f5 / big-ip_advanced_web_application_firewall 13.1.3 13.1.3.x
f5 / big-ip_advanced_web_application_firewall 16.1.2 16.1.2.x
f5 / big-ip_advanced_web_application_firewall 16.1.1 16.1.1.x
f5 / big-ip_advanced_web_application_firewall 15.1.5 15.1.5.x
f5 / big-ip_advanced_web_application_firewall 15.1.4 15.1.4.x
f5 / big-ip_advanced_web_application_firewall 15.1.3 15.1.3.x
f5 / big-ip_advanced_web_application_firewall 15.1.2 15.1.2.x
f5 / big-ip_advanced_web_application_firewall 15.1.1 15.1.1.x
f5 / big-ip_advanced_web_application_firewall 14.1.3 14.1.3.x
f5 / big-ip_advanced_web_application_firewall 14.1.2 14.1.2.x
f5 / big-ip_advanced_web_application_firewall 14.1.0 14.1.0.x
f5 / big-ip_advanced_web_application_firewall 13.1.5 13.1.5.x
f5 / big-ip_advanced_web_application_firewall 13.1.4 13.1.4.x
f5 / big-ip_advanced_web_application_firewall 13.1.1 13.1.1.x
f5 / big-ip_advanced_web_application_firewall 13.1.0 13.1.0.x
f5 / big-ip_guided_configuration - 9.0