CVE-2022-35735: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

In BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, a privilege escalation vulnerability was identified and tracked as CVE-2022-35735. The vulnerability allows authenticated attackers with Resource Administrator or Manager privileges to create or modify existing monitor objects in the Configuration utility in an undisclosed manner, potentially leading to privilege escalation (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs high privileges (PR:H), requires no user interaction (UI:N), has unchanged scope (S:U), and can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

The vulnerability can lead to significant security impacts including high levels of compromise to system confidentiality, integrity, and availability. When successfully exploited, it allows privileged users to escalate their privileges through manipulation of monitor objects in the Configuration utility (NVD).

F5 has released patched versions to address this vulnerability. Users should upgrade to version 16.1.3.1, 15.1.6.1, or 14.1.5.1 depending on their current version track. Note that all versions of 13.1.x are affected and should be upgraded to a supported version (NVD).