BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844
CVE-2022-34844

5.9MEDIUM

Key Information:

Vendor: F5
Status: Big-ip; Big-iq Centralized Management
Vendor: CVE Published:; 4 August 2022

Summary

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

BIG-IP 15.1.x < 15.1.6.1

BIG-IP 16.1.x < 16.1.3.1

BIG-IQ Centralized Management 8.0.0 < 8.x*

References

https://support.f5.com/csp/article/K34511555

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 4, 2022
Vulnerability Reserved
Jul 19, 2022