Request a Demo
Rewterz
Rewterz Threat Advisory – Cisco Webex Meetings and Redundancy Configuration Manager Vulnerabilities
January 20, 2022
Rewterz
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
January 20, 2022

Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-23021 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile configuration is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-23020 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the “Respond on Error” setting is enabled on the Request Logging profile and configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-23019 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a message routing type virtual server is configured with both Diameter Session and Router Profiles. By sending specially-crafted traffic, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, and results in a denial of service condition.

CVE-2022-23018 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-23017

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-23016 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when SSL Forward Proxy with TLS 1.3 is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-23015 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured. By sending specially-crafted SSL traffic, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, and results in a denial of service condition.

CVE-2022-23014 

F5 BIG-IP (APM) is vulnerable to a denial of service, caused by a flaw when the Hportal access is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

CVE-2022-23013 

F5 BIG-IP (DNS, GTM) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Configuration utility. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-23012 

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the HTTP/2 profile is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.

Impact

  • Denial of Service
  • Cross-Site Scripting

Affected Vendors

F5

Affected Products

  • F5 BIG-IP 16.1.0
  • F5 BIG-IP 16.1.1
  • F5 BIG-IP 12.1.0
  • F5 BIG-IP 13.1.0
  • F5 BIG-IP 15.1.0
  • F5 BIG-IP 14.1.0
  • F5 BIG-IP (AFM) 12.1.6
  • F5 BIG-IP (AFM) 16.0.0
  • F5 BIG-IP (AFM) 16.0.1
  • F5 BIG-IP (AFM) 16.1.0
  • F5 BIG-IP (APM) 15.1.0
  • F5 BIG-IP (APM) 15.1.4
  • F5 BIG-IP (APM) 16.1.0
  • F5 BIG-IP (APM) 16.1.1
  • F5 BIG-IP (DNS) 11.6.1
  • F5 BIG-IP (DNS) 11.6.5
  • F5 BIG-IP (DNS) 12.1.0
  • F5 BIG-IP (DNS) 13.1.0

Remediation

Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.

CVE-2022-23021

https://support.f5.com/csp/article/K57111075

CVE-2022-23020

https://support.f5.com/csp/article/K17514331

CVE-2022-23019

https://support.f5.com/csp/article/K82793463

CVE-2022-23018

https://support.f5.com/csp/article/K24358905

CVE-2022-23017

https://support.f5.com/csp/article/K28042514

CVE-2022-23016

https://support.f5.com/csp/article/K91013510

CVE-2022-23015

https://support.f5.com/csp/article/K08476614

CVE-2022-23014

https://support.f5.com/csp/article/K93526903

CVE-2022-23013 

https://support.f5.com/csp/article/K29500533

CVE-2022-23012

https://support.f5.com/csp/article/K26310765