Lucene search
HistoryFeb 01, 2023 - 6:15 p.m.
CVE-2023-22340
cve-2023-22340
big-ip
sip profile
message routing
tmm termination
security advisory
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.7%
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5.3
ORf5big-ip_access_policy_managerRange15.1.0–15.1.8
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3.3
ORf5big-ip_access_policy_managerRange17.0.0–17.0.0.2
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.3
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.8
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.3
ORf5big-ip_advanced_firewall_managerRange17.0.0–17.0.0.2
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5.3
ORf5big-ip_analyticsRange15.1.0–15.1.8
ORf5big-ip_analyticsRange16.1.0–16.1.3.3
ORf5big-ip_analyticsRange17.0.0–17.0.0.2
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.8
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.3.3
ORf5big-ip_application_acceleration_managerRange17.0.0–17.0.0.2
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5.3
ORf5big-ip_application_security_managerRange15.1.0–15.1.8
ORf5big-ip_application_security_managerRange16.1.0–16.1.3.3
ORf5big-ip_application_security_managerRange17.0.0–17.0.0.2
ORf5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.3
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.8
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.3
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5.3
ORf5big-ip_domain_name_systemRange15.1.0–15.1.8
ORf5big-ip_domain_name_systemRange16.1.0–16.1.3.3
ORf5big-ip_domain_name_systemRange17.0.0–17.0.0.2
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.8
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.3
ORf5big-ip_fraud_protection_serviceRange17.0.0–17.0.0.2
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5.3
ORf5big-ip_link_controllerRange15.1.0–15.1.8
ORf5big-ip_link_controllerRange16.1.0–16.1.3.3
ORf5big-ip_link_controllerRange17.0.0–17.0.0.2
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5.3
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.8
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.3.3
ORf5big-ip_local_traffic_managerRange17.0.0–17.0.0.2
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.3
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.8
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.3
ORf5big-ip_policy_enforcement_managerRange17.0.0–17.0.0.2
ORf5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5.3
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.8
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.3.3
ORf5big-ip_ssl_orchestratorRange17.0.0–17.0.0.2
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"All modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "16.1.3.3",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.8",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "14.1.5.3",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
]References
Related
nessus
nessus
F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K34525368)
2023-06-23 00:00:00
nvd
nvd
CVE-2023-22340
2023-02-01 18:15:11
cnvd
cnvd
F5 BIG-IP SIP profile denial of service vulnerability (CNVD-2023-05958)
2023-02-01 00:00:00
prion
prion
Sql injection
2023-02-01 18:15:00
f5
f5
K34525368 : BIG-IP SIP profile vulnerability CVE-2023-22340
2023-02-01 00:00:00
K000130496 : Overview of F5 vulnerabilities (February 2023)
2023-02-01 00:00:00
cvelist
cvelist
CVE-2023-22340 BIG-IP SIP profile vulnerability
2023-02-01 17:54:06
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.7%
Related for CVE-2023-22340