Lucene search
HistoryFeb 01, 2023 - 6:15 p.m.
CVE-2023-22323
cve-2023-22323
bip-ip
cpu resource
vulnerability
security
ocsp authentication
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.7%
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5.3
ORf5big-ip_access_policy_managerRange15.1.0–15.1.8.1
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3.3
ORf5big-ip_access_policy_managerRange17.0.0–17.0.0.2
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.3
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.8.1
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.3
ORf5big-ip_advanced_firewall_managerRange17.0.0–17.0.0.2
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5.3
ORf5big-ip_analyticsRange15.1.0–15.1.8.1
ORf5big-ip_analyticsRange16.1.0–16.1.3.3
ORf5big-ip_analyticsRange17.0.0–17.0.0.2
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.8.1
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.3.3
ORf5big-ip_application_acceleration_managerRange17.0.0–17.0.0.2
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5.3
ORf5big-ip_application_security_managerRange15.1.0–15.1.8.1
ORf5big-ip_application_security_managerRange16.1.0–16.1.3.3
ORf5big-ip_application_security_managerRange17.0.0–17.0.0.2
ORf5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.3
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.8.1
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.3
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5.3
ORf5big-ip_domain_name_systemRange15.1.0–15.1.8.1
ORf5big-ip_domain_name_systemRange16.1.0–16.1.3.3
ORf5big-ip_domain_name_systemRange17.0.0–17.0.0.2
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.8.1
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.3
ORf5big-ip_fraud_protection_serviceRange17.0.0–17.0.0.2
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5.3
ORf5big-ip_link_controllerRange15.1.0–15.1.8.1
ORf5big-ip_link_controllerRange16.1.0–16.1.3.3
ORf5big-ip_link_controllerRange17.0.0–17.0.0.2
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5.3
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.8.1
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.3.3
ORf5big-ip_local_traffic_managerRange17.0.0–17.0.0.2
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.3
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.8.1
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.3
ORf5big-ip_policy_enforcement_managerRange17.0.0–17.0.0.2
ORf5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5.3
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.8.1
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.3.3
ORf5big-ip_ssl_orchestratorRange17.0.0–17.0.0.2
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"All modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.0.0.2",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "16.1.3.3",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.8.1",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "14.1.5.3",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
]References
Related
cvelist
cvelist
CVE-2023-22323 BIG-IP SSL OCSP Authentication profile vulnerability
2023-02-01 17:53:34
cnvd
cnvd
F5 BIG-IP SSL OCSP Authentication Profile Denial of Service Vulnerability
2023-02-01 00:00:00
nvd
nvd
CVE-2023-22323
2023-02-01 18:15:10
f5
f5
K000130496 : Overview of F5 vulnerabilities (February 2023)
2023-02-01 00:00:00
nessus
nessus
prion
prion
Authentication flaw
2023-02-01 18:15:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.7%
Related for CVE-2023-22323