Vulnerabilities > CVE-2022-27636 - Information Exposure Through Log Files vulnerability in F5 products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

CWE-532

NVD

Published: 2022-05-05

Updated: 2023-01-24

Summary

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 11.6.1 F5 BIG IP Access Policy Manager 11.6.2 F5 BIG IP Access Policy Manager 11.6.3 F5 BIG IP Access Policy Manager 11.6.4 F5 BIG IP Access Policy Manager 11.6.5 F5 BIG IP Access Policy Manager 12.1.0 F5 BIG IP Access Policy Manager 12.1.1 F5 BIG IP Access Policy Manager 12.1.2 F5 BIG IP Access Policy Manager 12.1.3 F5 BIG IP Access Policy Manager 12.1.4 F5 BIG IP Access Policy Manager 12.1.5 F5 BIG IP Access Policy Manager 12.1.6 F5 BIG IP Access Policy Manager 13.1.0 F5 BIG IP Access Policy Manager 13.1.1 F5 BIG IP Access Policy Manager 13.1.2 F5 BIG IP Access Policy Manager 13.1.3 F5 BIG IP Access Policy Manager 13.1.4 F5 BIG IP Access Policy Manager 13.1.5 F5 BIG IP Access Policy Manager 14.1.0 F5 BIG IP Access Policy Manager 14.1.2 F5 BIG IP Access Policy Manager 14.1.3 F5 BIG IP Access Policy Manager 14.1.4 F5 BIG IP Access Policy Manager 15.1.0 F5 BIG IP Access Policy Manager 15.1.1 F5 BIG IP Access Policy Manager 15.1.2 F5 BIG IP Access Policy Manager 15.1.3 F5 BIG IP Access Policy Manager 15.1.4 F5 BIG IP Access Policy Manager 15.1.5 F5 BIG IP Access Policy Manager 16.1.0 F5 BIG IP Access Policy Manager 16.1.1 F5 BIG IP Access Policy Manager 16.1.2 F5 BIG IP Access Policy Manager Client 7.1.6 F5 BIG IP Access Policy Manager Client 7.1.6.1 F5 BIG IP Access Policy Manager Client 7.1.7 F5 BIG IP Access Policy Manager Client 7.1.8 F5 BIG IP Access Policy Manager Client 7.1.8.2 F5 BIG IP Access Policy Manager Client 7.1.9 F5 BIG IP Access Policy Manager Client 7.2.1	38
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-532 - Information Exposure Through Log Files

Common Attack Pattern Enumeration and Classification (CAPEC)

Fuzzing and observing application log data/errors for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

References

https://support.f5.com/csp/article/K57110035