CVE-2022-23024 — Uncontrolled Resource Consumption in F5 Big-ip Advanced Firewall Manager

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Advanced Firewall Manager F5 Big-ip AFM

Timeline

PublishedJan 25

Latest updateJan 26

Description

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDf5/big-ip_advanced_firewall_manager13.1.0 — 13.1.4+2

▶CVEListV5f5/big-ip_afm16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x

🔴Vulnerability Details

GHSA

GHSA-q727-99h7-2wcw: On BIG-IP AFM version 16↗2022-01-26

▶

CVEList

CVE-2022-23024: On BIG-IP AFM version 16↗2022-01-25

▶

📋Vendor Advisories

CVE-2022-23024: On BIG-IP AFM version 16↗2022-01-25

▶