Details of VAR-202210-1430

ID

VAR-202210-1430

CVE

CVE-2022-41983

TITLE

F5 BIG-IP Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

DESCRIPTION

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied

Trust: 0.99

sources: NVD: CVE-2022-41983 // VULHUB: VHN-438374

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.6	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip ssl orchestrator	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application visibility and reporting	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip carrier-grade nat	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.5.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.7	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	15.1.7	Trust: 1.0

sources: NVD: CVE-2022-41983

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-41983
value:	LOW
Trust: 1.0
f5sirt@f5.com:	CVE-2022-41983
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-202210-1407
value:	LOW
Trust: 0.6

NVD:
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: NVD: CVE-2022-41983 // NVD: CVE-2022-41983 // CNNVD: CNNVD-202210-1407

PROBLEMTYPE DATA

problemtype:

CWE-319

Trust: 1.1

sources: VULHUB: VHN-438374 // NVD: CVE-2022-41983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

CONFIGURATIONS

sources: NVD: CVE-2022-41983

PATCH

title:

F5 BIG-IP Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=211815

Trust: 0.6

sources: CNNVD: CNNVD-202210-1407

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41983	Trust: 1.7
db:	CNNVD	id:	CNNVD-202210-1407	Trust: 0.6
db:	VULHUB	id:	VHN-438374	Trust: 0.1

sources: VULHUB: VHN-438374 // NVD: CVE-2022-41983 // CNNVD: CNNVD-202210-1407

REFERENCES

url:	https://support.f5.com/csp/article/k31523465	Trust: 1.7
url:	https://vigilance.fr/vulnerability/f5-big-ip-no-encryption-via-intel-qat-aes-gcm-ccm-39646	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-41983/	Trust: 0.6

sources: VULHUB: VHN-438374 // NVD: CVE-2022-41983 // CNNVD: CNNVD-202210-1407

SOURCES

db:	VULHUB	id:	VHN-438374
db:	NVD	id:	CVE-2022-41983
db:	CNNVD	id:	CNNVD-202210-1407

LAST UPDATE DATE

2023-12-18T13:55:12.839000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-438374	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2022-41983	date:	2022-10-24T15:57:26.087
db:	CNNVD	id:	CNNVD-202210-1407	date:	2022-10-25T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-438374	date:	2022-10-19T00:00:00
db:	NVD	id:	CVE-2022-41983	date:	2022-10-19T22:15:13.620
db:	CNNVD	id:	CNNVD-202210-1407	date:	2022-10-19T00:00:00