CVE-2022-34865 Vulnerability Details

  /     /     /  

CVE-2022-34865 Metadata Quick Info

CVE Published: 04/08/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: f5 | Vendor: F5 | Product: BIG-IP
Status : PUBLISHED

---

CVE-2022-34865 Description

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Metrics

CVSS Version: 3.1 | Base Score: 4.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-295
CWE Name: CWE-295 Improper Certificate Validation
Source: F5

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).