
Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-23028 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when global AFM SYN cookie protection (TCP Half Open flood vector) is activated. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-23029 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a FastL4 profile is configured on a virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization.

CVE-2022-23030 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the BIG-IP Virtual Edition (VE) uses the ixlv driver and the TCP Segmentation Offload configuration is enabled. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an increase in CPU resource utilization.

CVE-2022-23031 

F5 BIG-IP could allow a remote authenticated attacker to obtain sensitive information, caused by an XML External Entity (XXE) in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI). By sending a specially-crafted file, a remote attacker could exploit this vulnerability to read local files and force BIG-IP to send HTTP requests.

CVE-2022-23032 

F5 BIG-IP could allow a remote attacker to obtain sensitive information, caused by a DNS rebinding attack when proxy settings are configured in the network access resource of a BIG-IP APM system. By sending a specially-crafted request, an attacker could exploit this vulnerability to exfiltrate proxy configuration details.

CVE-2022-23023 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw in iControl REST. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause an increase in memory resource utilization.

CVE-2022-23024 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2022-23025 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a SIP ALG profile is configured on a virtual server. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2022-23026 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw in the REST API endpoint. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload data, causing an increase in disk resource utilization.

CVE-2022-23027 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the virtual server to stop processing new client connections.

CVE-2022-23022 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an HTTP profile is configured on a virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2022-23011 

F5 BIG-IP is vulnerable to a denial of service, caused by an issue in the SYN Cookie Protection feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-23008 

F5 NGINX Controller API Management could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject JavaScript code that is executed on managed NGINX data plane instances.

CVE-2022-23009 

F5 BIG-IQ Centralized Management could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to all BIG-IP devices managed by the same BIG-IQ system.

CVE-2022-23010 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a FastL4 profile and an HTTP profile are configured on a virtual server. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause an increase in memory resource utilization.

Impact

  • Denial of Service
  • Information Disclosure
  • Security Bypass

Affected Vendors

F5

Affected Products

  • F5 BIG-IP (AFM) 15.1.0
  • F5 BIG-IP (AFM) 14.1.0
  • F5 BIG-IP (AFM) 13.1.0
  • F5 BIG-IP (AFM) 15.1.4
  • F5 BIG-IP 11.6.1
  • F5 BIG-IP 12.1.0
  • F5 BIG-IP 13.1.0
  • F5 BIG-IP 14.1.0
  • F5 BIG-IP 15.1.0
  • F5 BIG-IP 14.1.4
  • F5 BIG-IP (APM) 12.1.0
  • F5 BIG-IP (APM) 14.1.0
  • F5 BIG-IP (APM) 15.0.0
  • F5 BIG-IP (APM) 13.1.0
  • F5 BIG-IP 12.1.5
  • F5 BIG-IQ Centralized Management 7.0.0
  • F5 NGINX Controller API Management 3.18.0
  • F5 NGINX Controller API Management 3.19.0
  • F5 BIG-IQ Centralized Management 8.0.0

Remediation

Refer to the F5 Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2022-23028  
https://support.f5.com/csp/article/K16101409
CVE-2022-23029  
https://support.f5.com/csp/article/K50343028
CVE-2022-23030  
https://support.f5.com/csp/article/K50343028
CVE-2022-23031  
https://support.f5.com/csp/article/K61112120
CVE-2022-23032  
https://support.f5.com/csp/article/K30525503
CVE-2022-23023  
https://support.f5.com/csp/article/K11742742
CVE-2022-23024  
https://support.f5.com/csp/article/K54892865
CVE-2022-23025  
https://support.f5.com/csp/article/K44110411
CVE-2022-23026  
https://support.f5.com/csp/article/K08402414
CVE-2022-23027  
https://support.f5.com/csp/article/K30573026
CVE-2022-23022  
https://support.f5.com/csp/article/K96924184
CVE-2022-23011  
https://support.f5.com/csp/article/K96924184
CVE-2022-23008  
https://support.f5.com/csp/article/K57735782
CVE-2022-23009  
https://support.f5.com/csp/article/K47592780
CVE-2022-23010  
https://support.f5.com/csp/article/K34360320