CVE-2022-27634: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

CVE-2022-27634 affects BIG-IP Access Policy Manager (APM) in versions 16.1.x prior to 16.1.2.2 and 15.1.x prior to 15.1.5.1. The vulnerability allows an authenticated attacker with high privileges to manipulate the APM policy, potentially leading to privilege escalation and remote code execution (NVD).

The vulnerability stems from improper validation of configurations in BIG-IP APM. It has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. F5 Networks has also provided their own assessment with a CVSS score of 6.5 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N (NVD).

If exploited, this vulnerability could allow an authenticated attacker with high privileges to manipulate the APM policy, potentially leading to privilege escalation and remote code execution. The attack affects the control plane only, with no data plane exposure (NVD).

F5 has released patches to address this vulnerability. Users should upgrade to version 16.1.2.2 for the 16.1.x branch or version 15.1.5.1 for the 15.1.x branch. Software versions which have reached End of Technical Support (EoTS) are not evaluated (NVD).