25 vulnerabilities in F5 firewall and other products: Patch immediately

  • CVE-2022-23008 (CVSS 8.7): An authenticated threat actor could use undisclosed API endpoints in NGINX Controller API Management to inject JavaScript code into affected implementations.
  • CVE-2022-23009 (CVSS 8.0): An administrative role user authenticated on a BIG-IP device could access other BIG-IP devices managed by the same BIG-IQ system.
  • CVE-2022-23010 (CVSS 7.5): If a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can consume all affected system resources.
  • CVE-2022-23011 (CVSS 7.5): Virtual servers on some BIG-IP hardware platforms may stop responding while processing TCP traffic due to an issue in the SYN cookie protection feature.
  • CVE-2022-23012 (CVSS 7.5): If an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to forcibly close.
  • CVE-2022-23013 (CVSS 7.5): A DOM-based XSS flaw on an undisclosed page of the BIG-IP configuration utility would allow threat actors to execute JavaScript code in the context of a user with an active session.
  • CVE-2022-23014 (CVSS 7.5): When access to the BIG-IP APM portal is configured on a virtual server, undisclosed requests can force the closure of the Traffic Management Microkernel (TMM).
  • CVE-2022-23015 (CVSS 7.5): When a client SSL profile is configured on a virtual server with Client Certificate Authentication and Session Ticket enabled and configured, SSL traffic processing can consume all system memory.
  • CVE-2022-23016 (CVSS 7.5): If BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can force the Traffic Management Microkernel (TMM) to close.
  • CVE-2022-23017 (CVSS 7.5): When a virtual server is configured with a DNS profile that has quick response mode enabled and configured on a BIG-IP system, undisclosed requests can force the Traffic Management Microkernel (TMM) to close.
  • CVE-2022-23018 (CVSS 7.5): When a virtual server is configured with HTTP protocol security and HTTP proxy connection profiles, undisclosed requests can force the Traffic Management Microkernel (TMM) to close.
  • CVE-2022-23019 (CVSS 7.5): When a message routing type virtual server is configured with router session profiles in BIG-IP, undisclosed traffic can cause excessive consumption of memory resources.
  • CVE-2022-23023 (CVSS 6.5): Undisclosed requests by an iControl REST user authenticated to BIG-IP could cause an increase in memory resource utilization.
  • CVE-2022-23026 (CVSS 5.4): An authenticated user with low privileges in BIG-IP could load data using an undisclosed REST endpoint, generating a disproportionate increase in system resource usage.
  • CVE-2022-23027 (CVSS 5.3): When a FastL4 profile and an HTTP, FIX, or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections.
  • CVE-2022-23028 (CVSS 5.3): When AFM SYN cookie protection is enabled globally on BIG-IP, on the AFM DoS device or in the DoS profile, certain types of TCP connections will fail.
  • CVE-2022-23029 (CVSS 5.3): When a FastL4 profile is configured on a virtual server, undisclosed traffic may cause an increase in memory resource utilization.
  • CVE-2022-23030 (CVSS 5.3): When BIG-IP Virtual Edition (VE) uses the ixlv driver and TCP segmentation offload is enabled, undisclosed requests can cause a disproportionate increase in CPU resource usage.
  • CVE-2022-23031 (CVSS 4.9): An XML External Entity (XXE) flaw in an undisclosed page of F5 Advanced Web Application Firewall and the BIG-IP ASM Traffic Management User Interface would allow authenticated threat actors to access local files and force BIG-IP to send HTTP requests.
  • CVE-2022-23032 (CVSS 3.1): When proxy settings select the network access resource of a BIG-IP APM system, the BIG-IP Edge Client connection on Mac and Windows may be exposed to DNS relay attacks.

Eli Cyber Security