Traffic Management Microkernel Termination in BIG-IP APM Portal Access
CVE-2022-23014

6.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Apm
Vendor: CVE Published:; 25 January 2022

Summary

In specific versions of F5’s BIG-IP APM, configurations on virtual servers can be exploited through discontinuous requests, causing the Traffic Management Microkernel (TMM) to crash. This can lead to potential service downtime and impact on network operations, particularly for those running on versions 15.1.x prior to 15.1.4.1 and 16.1.x prior to 16.1.2. It is crucial for users to evaluate their systems to ensure they are not operating under vulnerable configurations.

Affected Version(s)

BIG-IP APM 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1

References

https://support.f5.com/csp/article/K93526903

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jan 10, 2022