Request a Demo
Rewterz
Rewterz Threat Alert – Mirai Botnet – Active IOCs
August 4, 2022
Rewterz
Rewterz Threat Advisory – CVE-2022-33203 – F5 BIG-IP (APM and SSL Orchestrator) Vulnerability
August 4, 2022

Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-35735 CVSS:7.2
F5 BIG-IP could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an unspecified flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as Administrator.

CVE-2022-35272 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate, and results in a denial of service condition.

CVE-2022-34862 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an LTM virtual server is configured to perform normalization. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-34651 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-32455 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

Impact

  • Privilege Escalation
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2022-35735
  • CVE-2022-35272
  • CVE-2022-34862
  • CVE-2022-34651
  • CVE-2022-32455

Affected Vendors

F5

Affected Products

  • F5 BIG-IP 13.1.0
  • F5 BIG-IP 14.1.0
  • F5 BIG-IP 15.1.0
  • F5 BIG-IP 16.1.0
  • F5 BIG-IP 13.1.5
  • F5 BIG-IP 15.1.6
  • F5 BIG-IP 16.1.3
  • F5 BIG-IP 14.1.5
  • F5 BIG-IP 17.0.0

Remediation

Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.
CVE-2022-35735 
CVE-2022-35272 
CVE-2022-34862  
CVE-2022-34651 
CVE-2022-32455