Memory Resource Utilization Flaw in F5 BIG-IP and BIG-IQ Products
CVE-2022-23023

6.5MEDIUM

Key Information:

Vendor: F5
Status: Big-ip & Big-iq
Vendor: CVE Published:; 25 January 2022

What is CVE-2022-23023?

On certain versions of F5 Networks' BIG-IP and BIG-IQ products, an authenticated iControl REST user can inadvertently trigger an increase in memory resource utilization through undisclosed requests. This can lead to performance issues, making the systems more vulnerable to potential exploits. It's essential for users to ensure they are running supported versions as software versions reaching End of Technical Support (EoTS) are not examined for such vulnerabilities.

Affected Version(s)

BIG-IP & BIG-IQ BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x

References

https://support.f5.com/csp/article/K11742742

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jan 10, 2022