CVE-2022-23026 vulnerability in F5 Networks Products
Published on January 25, 2022
On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2022-23026 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2022-23026
stack.watch emails you whenever new vulnerabilities are published in F5 Networks Big Ip Advanced Web Application Firewall or F5 Networks Big Ip Application Acceleration Manager. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.