

Rewterz Threat Alert – Mirai Botnet – Active IOCs
August 4, 2022
Rewterz Threat Advisory – CVE-2022-33203 – F5 BIG-IP (APM and SSL Orchestrator) Vulnerability
August 4, 2022
Severity
High
Analysis Summary
CVE-2022-35735 CVSS:7.2
An unspecified flaw in F5 BIG-IP could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as Administrator.
CVE-2022-35272 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service caused by a flaw that occurs when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate, resulting in a denial-of-service condition.
CVE-2022-34862 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service caused by a flaw that occurs when an LTM virtual server is configured to perform normalization. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial-of-service condition.
CVE-2022-34651 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service caused by a flaw that occurs when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial-of-service condition.
CVE-2022-32455 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service caused by a flaw that occurs when the LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial-of-service condition.
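The following added example, which is not part of the advisory or of F5's tooling, scans a bigip.conf-style configuration for two of the conditions described above: source-port preserve-strict on a virtual server (CVE-2022-35272) and a Client SSL profile that combines client certificate authentication with session tickets (CVE-2022-32455). The stanza keywords (source-port, peer-cert-mode, session-ticket) and the sample configuration are assumptions constructed for illustration and should be confirmed against the device's own configuration.

```python
# Constructed bigip.conf-style excerpt; object names and addresses are made up.
SAMPLE_CONF = """\
ltm virtual /Common/vs_api {
    destination /Common/192.0.2.10:80
    source-port preserve-strict
}
ltm virtual /Common/vs_web {
    destination /Common/192.0.2.11:443
    source-port preserve
}
ltm profile client-ssl /Common/cssl_mtls {
    options { dont-insert-empty-fragments no-tlsv1.3 }
    peer-cert-mode require
    session-ticket enabled
}
ltm profile client-ssl /Common/cssl_plain {
    peer-cert-mode ignore
    session-ticket enabled
}
"""

def stanzas(text):
    """Yield (header, settings) for each top-level '<header> { ... }' block."""
    depth, header, settings = 0, None, {}
    for line in text.splitlines():
        opens, closes = line.count("{"), line.count("}")
        if depth == 0 and opens:
            header, settings = line.split("{", 1)[0].strip(), {}
        elif depth == 1 and " " in line.strip():
            key, value = line.strip().split(None, 1)
            settings[key] = value
        depth += opens - closes
        if depth == 0 and header is not None:
            yield header, settings
            header = None

def audit(text):
    """Return (cve, object, reason) for explicitly set risky options."""
    findings = []
    for header, s in stanzas(text):
        kind, _, name = header.rpartition(" ")
        if kind == "ltm virtual" and s.get("source-port") == "preserve-strict":
            findings.append(("CVE-2022-35272", name, "source-port preserve-strict"))
        if (kind == "ltm profile client-ssl"
                and s.get("peer-cert-mode") in ("request", "require")  # assumed values
                and s.get("session-ticket") == "enabled"):
            findings.append(("CVE-2022-32455", name, "client cert auth + session tickets"))
    return findings

if __name__ == "__main__":
    for cve, name, reason in audit(SAMPLE_CONF):
        print(f"{cve}  {name}  {reason}")
```

A match only shows that the option is set explicitly in the file: settings inherited from a parent profile are not resolved, and whether a flagged virtual server is an HTTP MRF virtual server still has to be confirmed by hand.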
Impact
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-35735
- CVE-2022-35272
- CVE-2022-34862
- CVE-2022-34651
- CVE-2022-32455
Affected Vendors
F5
Affected Products
- F5 BIG-IP 13.1.0
- F5 BIG-IP 14.1.0
- F5 BIG-IP 15.1.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 13.1.5
- F5 BIG-IP 15.1.6
- F5 BIG-IP 16.1.3
- F5 BIG-IP 14.1.5
- F5 BIG-IP 17.0.0
Remediation
Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.
CVE-2022-35735
CVE-2022-35272
CVE-2022-34862
CVE-2022-34651
CVE-2022-32455