Lucene search

K
f5F5F5:K14229426
HistoryMay 04, 2022 - 12:00 a.m.

K14229426 : BIG-IP SSL vulnerability CVE-2022-29491

2022-05-0400:00:00
my.f5.com
33

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.7%

Security Advisory Description

When a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. (CVE-2022-29491)

Impact

Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.

Additionally, you should ensure that your BIG-IP system does not have a virtual server with any of the following combinations.

Combination Client-side profiles Server-side profiles
1 Client SSL + UDP + HTTP TCP + HTTP
2 TCP + HTTP Server SSL + UDP + HTTP
3 Client SSL + UDP + HTTP Server SSL + TCP + HTTP
4 Client SSL + TCP + HTTP Server SSL + UDP + HTTP

These combinations are not supported by F5. You should re-assess your need for a virtual server with any of these combinations and consider removing them.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.7%

Related for F5:K14229426