Vulnerabilities > CVE-2022-23009 - Incorrect Authorization vulnerability in F5 Big-Iq Centralized Management 8.0.0

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

CWE-863

critical

NVD

Published: 2022-01-25

Updated: 2022-02-01

Summary

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IQ Centralized Management 8.0.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.f5.com/csp/article/K47592780