CVE-2022-33947

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: Aug 4, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-33947
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
f5 / big-ip_domain_name_system	13.1.0	13.1.5.x
f5 / big-ip_domain_name_system	15.1.0	15.1.6.1
f5 / big-ip_domain_name_system	14.1.0	14.1.5
f5 / big-ip_domain_name_system	16.1.0	16.1.3

https://support.f5.com/csp/article/K38893457

Vulnerability Database

289,599

CVE-2022-33947