Lucene search
F5F5:K20717585HistoryFeb 01, 2023 - 12:00 a.m.
K20717585 : BIG-IP APM OAuth vulnerability CVE-2023-22341
2023-02-0100:00:00
my.f5.com
5
big-ip apm
oauth
dos
vulnerability
cve-2023-22341
Security Advisory Description
When the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate:
- An OAuth Server that references an OAuth Provider
- An OAuth profile with the Authorization Endpoint set to ‘/’
- An access profile that references the above OAuth profile and is associated with an HTTPS virtual server
Impact
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Related
nessus
nessus
F5 Networks BIG-IP : BIG-IP APM OAuth vulnerability (K20717585)
2023-06-23 00:00:00
cnvd
cnvd
F5 BIG-IP APM Oauth Denial of Service Vulnerability
2023-02-01 00:00:00
nvd
nvd
CVE-2023-22341
2023-02-01 18:15:11
cve
cve
CVE-2023-22341
2023-02-01 18:15:11
prion
prion
Design/Logic Flaw
2023-02-01 18:15:00
cvelist
cvelist
CVE-2023-22341 BIG-IP APM OAuth vulnerability
2023-02-01 17:54:17
f5
f5
K000130496 : Overview of F5 vulnerabilities (February 2023)
2023-02-01 00:00:00