Resource Consumption Vulnerability in F5 BIG-IP APM by F5 Networks
CVE-2022-27181

5.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Apm
Vendor: CVE Published:; 5 May 2022

What is CVE-2022-27181?

A resource consumption vulnerability exists in F5 BIG-IP APM when configured on a virtual server with an associated access profile using APM AAA NTLM Auth. Certain undisclosed requests can lead to increased internal resource utilization, potentially affecting the performance of the affected systems.

Affected Version(s)

BIG-IP APM 12.1.x

BIG-IP APM 11.6.x

BIG-IP APM 16.1.x < 16.1.2.2

References

https://support.f5.com/csp/article/K93543114

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Apr 19, 2022