A vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. (CVE-2022-33947)
Impact
This vulnerability allows a remote authenticated attacker with at least operator role privileges and with network access to the TMUI (also known as the Configuration utility) through the BIG-IP management port and/or self IP addresses to cause a denial-of-service (DoS) on the Tomcat process. The BIG-IP TMUI becomes unavailable while the Tomcat process restarts. This vulnerability may allow the attacker to force the Tomcat process to perform unauthorized DNS request lookups and copy and delete files of low importance. There is no data plane exposure; this is a control plane issue only.
CPE

Name | Operator | Version |
---|---|---|
big-ip (dns) | le | 16.1.2 |