CVE-2022-29491

7.5 HIGH

Key Information:

Vendor: F5
CVE Published: 5 May 2022

Summary

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

BIG-IP LTM, Advanced WAF, ASM, and APM 13.1.x

BIG-IP LTM, Advanced WAF, ASM, and APM 12.1.x

BIG-IP LTM, Advanced WAF, ASM, and APM 11.6.x

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
