CVE-2022-29491

Published: May 5, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (124)

Products: F5: Big Ip Access Policy Manager, Big Ip Advanced Web Application Firewall, Big Ip Application Security Manager, Big Ip Local Traffic Manager

4 products

Big Ip Access Policy Manager

Big Ip Advanced Web Application Firewall

Big Ip Application Security Manager

Big Ip Local Traffic Manager

Configuration A

124 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	Version 11.6.1
F5 Big Ip Access Policy Manager	Version 11.6.2
F5 Big Ip Access Policy Manager	Version 11.6.3
F5 Big Ip Access Policy Manager	Version 11.6.4
F5 Big Ip Access Policy Manager	Version 11.6.5
F5 Big Ip Access Policy Manager	Version 12.1.0
F5 Big Ip Access Policy Manager	Version 12.1.1
F5 Big Ip Access Policy Manager	Version 12.1.2
F5 Big Ip Access Policy Manager	Version 12.1.3
F5 Big Ip Access Policy Manager	Version 12.1.4
F5 Big Ip Access Policy Manager	Version 12.1.5
F5 Big Ip Access Policy Manager	Version 12.1.6
F5 Big Ip Access Policy Manager	Version 13.1.0
F5 Big Ip Access Policy Manager	Version 13.1.1
F5 Big Ip Access Policy Manager	Version 13.1.3
F5 Big Ip Access Policy Manager	Version 13.1.4
F5 Big Ip Access Policy Manager	Version 13.1.5
F5 Big Ip Access Policy Manager	Version 14.1.0
F5 Big Ip Access Policy Manager	Version 14.1.2
F5 Big Ip Access Policy Manager	Version 14.1.3
F5 Big Ip Access Policy Manager	Version 14.1.4
F5 Big Ip Access Policy Manager	Version 15.1.0
F5 Big Ip Access Policy Manager	Version 15.1.1
F5 Big Ip Access Policy Manager	Version 15.1.2
F5 Big Ip Access Policy Manager	Version 15.1.3
F5 Big Ip Access Policy Manager	Version 15.1.4
F5 Big Ip Access Policy Manager	Version 15.1.5
F5 Big Ip Access Policy Manager	Version 16.1.0
F5 Big Ip Access Policy Manager	Version 16.1.1
F5 Big Ip Access Policy Manager	Version 16.1.2
F5 Big Ip Access Policy Manager	Version 17.0.0
F5 Big Ip Advanced Web Application Firewall	Version 11.6.1
F5 Big Ip Advanced Web Application Firewall	Version 11.6.2
F5 Big Ip Advanced Web Application Firewall	Version 11.6.3
F5 Big Ip Advanced Web Application Firewall	Version 11.6.4
F5 Big Ip Advanced Web Application Firewall	Version 11.6.5
F5 Big Ip Advanced Web Application Firewall	Version 12.1.0
F5 Big Ip Advanced Web Application Firewall	Version 12.1.1
F5 Big Ip Advanced Web Application Firewall	Version 12.1.2
F5 Big Ip Advanced Web Application Firewall	Version 12.1.3
F5 Big Ip Advanced Web Application Firewall	Version 12.1.4
F5 Big Ip Advanced Web Application Firewall	Version 12.1.5
F5 Big Ip Advanced Web Application Firewall	Version 12.1.6
F5 Big Ip Advanced Web Application Firewall	Version 13.1.0
F5 Big Ip Advanced Web Application Firewall	Version 13.1.1
F5 Big Ip Advanced Web Application Firewall	Version 13.1.3
F5 Big Ip Advanced Web Application Firewall	Version 13.1.4
F5 Big Ip Advanced Web Application Firewall	Version 13.1.5
F5 Big Ip Advanced Web Application Firewall	Version 14.1.0
F5 Big Ip Advanced Web Application Firewall	Version 14.1.2
F5 Big Ip Advanced Web Application Firewall	Version 14.1.3
F5 Big Ip Advanced Web Application Firewall	Version 14.1.4
F5 Big Ip Advanced Web Application Firewall	Version 15.1.0
F5 Big Ip Advanced Web Application Firewall	Version 15.1.1
F5 Big Ip Advanced Web Application Firewall	Version 15.1.2
F5 Big Ip Advanced Web Application Firewall	Version 15.1.3
F5 Big Ip Advanced Web Application Firewall	Version 15.1.4
F5 Big Ip Advanced Web Application Firewall	Version 15.1.5
F5 Big Ip Advanced Web Application Firewall	Version 16.1.0
F5 Big Ip Advanced Web Application Firewall	Version 16.1.1
F5 Big Ip Advanced Web Application Firewall	Version 16.1.2
F5 Big Ip Advanced Web Application Firewall	Version 17.0.0
F5 Big Ip Application Security Manager	Version 11.6.1
F5 Big Ip Application Security Manager	Version 11.6.2
F5 Big Ip Application Security Manager	Version 11.6.3
F5 Big Ip Application Security Manager	Version 11.6.4
F5 Big Ip Application Security Manager	Version 11.6.5
F5 Big Ip Application Security Manager	Version 12.1.0
F5 Big Ip Application Security Manager	Version 12.1.1
F5 Big Ip Application Security Manager	Version 12.1.2
F5 Big Ip Application Security Manager	Version 12.1.3
F5 Big Ip Application Security Manager	Version 12.1.4
F5 Big Ip Application Security Manager	Version 12.1.5
F5 Big Ip Application Security Manager	Version 12.1.6
F5 Big Ip Application Security Manager	Version 13.1.0
F5 Big Ip Application Security Manager	Version 13.1.1
F5 Big Ip Application Security Manager	Version 13.1.3
F5 Big Ip Application Security Manager	Version 13.1.4
F5 Big Ip Application Security Manager	Version 13.1.5
F5 Big Ip Application Security Manager	Version 14.1.0
F5 Big Ip Application Security Manager	Version 14.1.2
F5 Big Ip Application Security Manager	Version 14.1.3
F5 Big Ip Application Security Manager	Version 14.1.4
F5 Big Ip Application Security Manager	Version 15.1.0
F5 Big Ip Application Security Manager	Version 15.1.1
F5 Big Ip Application Security Manager	Version 15.1.2
F5 Big Ip Application Security Manager	Version 15.1.3
F5 Big Ip Application Security Manager	Version 15.1.4
F5 Big Ip Application Security Manager	Version 15.1.5
F5 Big Ip Application Security Manager	Version 16.1.0
F5 Big Ip Application Security Manager	Version 16.1.1
F5 Big Ip Application Security Manager	Version 16.1.2
F5 Big Ip Application Security Manager	Version 17.0.0
F5 Big Ip Local Traffic Manager	Version 11.6.1
F5 Big Ip Local Traffic Manager	Version 11.6.2
F5 Big Ip Local Traffic Manager	Version 11.6.3
F5 Big Ip Local Traffic Manager	Version 11.6.4
F5 Big Ip Local Traffic Manager	Version 11.6.5
F5 Big Ip Local Traffic Manager	Version 12.1.0
F5 Big Ip Local Traffic Manager	Version 12.1.1
F5 Big Ip Local Traffic Manager	Version 12.1.2
F5 Big Ip Local Traffic Manager	Version 12.1.3
F5 Big Ip Local Traffic Manager	Version 12.1.4
F5 Big Ip Local Traffic Manager	Version 12.1.5
F5 Big Ip Local Traffic Manager	Version 12.1.6
F5 Big Ip Local Traffic Manager	Version 13.1.0
F5 Big Ip Local Traffic Manager	Version 13.1.1
F5 Big Ip Local Traffic Manager	Version 13.1.3
F5 Big Ip Local Traffic Manager	Version 13.1.4
F5 Big Ip Local Traffic Manager	Version 13.1.5
F5 Big Ip Local Traffic Manager	Version 14.1.0
F5 Big Ip Local Traffic Manager	Version 14.1.2
F5 Big Ip Local Traffic Manager	Version 14.1.3
F5 Big Ip Local Traffic Manager	Version 14.1.4
F5 Big Ip Local Traffic Manager	Version 15.1.0
F5 Big Ip Local Traffic Manager	Version 15.1.1
F5 Big Ip Local Traffic Manager	Version 15.1.2
F5 Big Ip Local Traffic Manager	Version 15.1.3
F5 Big Ip Local Traffic Manager	Version 15.1.4
F5 Big Ip Local Traffic Manager	Version 15.1.5
F5 Big Ip Local Traffic Manager	Version 16.1.0
F5 Big Ip Local Traffic Manager	Version 16.1.1
F5 Big Ip Local Traffic Manager	Version 16.1.2
F5 Big Ip Local Traffic Manager	Version 17.0.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://support.f5.com/csp/article/K14229426

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K14229426

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.