CVE-2022-23018

Published: Jan 25, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (4)

Products: F5: Big Ip Advanced Firewall Manager

1 product

Big Ip Advanced Firewall Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Firewall Manager	From 13.1.3.4 to 13.1.4.1
F5 Big Ip Advanced Firewall Manager	From 14.1.0 to 14.1.4.5
F5 Big Ip Advanced Firewall Manager	From 15.1.0 to 15.1.4.1
F5 Big Ip Advanced Firewall Manager	From 16.1.0 to 16.1.2

Related CWEs

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (2)

https://support.f5.com/csp/article/K24358905

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K24358905

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.