CVE-2022-35272

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.f5.com/csp/article/K90024104	Vendor Advisory
https://support.f5.com/csp/article/K90024104	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:::::::*

History

21 Nov 2024, 07:11

Type	Values Removed	Values Added
References	~~() https://support.f5.com/csp/article/K90024104 - Vendor Advisory~~	() https://support.f5.com/csp/article/K90024104 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 7.5

Information

Published : 2022-08-04 18:15

Updated : 2024-11-21 07:11

NVD link : CVE-2022-35272

Mitre link : CVE-2022-35272

CVE.ORG link : CVE-2022-35272

JSON object : View

Products Affected

big-ip_domain_name_system
big-ip_global_traffic_manager
big-ip_advanced_firewall_manager
big-ip_access_policy_manager
big-ip_application_acceleration_manager
big-ip_link_controller
big-ip_local_traffic_manager
big-ip_policy_enforcement_manager
big-ip_fraud_protection_service
big-ip_analytics
big-ip_application_security_manager

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2022-35272", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-04T18:15:10.823", "references": [{"url": "https://support.f5.com/csp/article/K90024104", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://support.f5.com/csp/article/K90024104", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "En BIG-IP versiones 17.0.x anteriores a 17.0.0.1 y 16.1.x anteriores a 16.1.3.1, cuando es configurado source-port preserve-strict en un servidor virtual HTTP Message Routing Framework (MRF), el tr\u00e1fico no revelado puede causar a el Traffic Management Microkernel (TMM) producir un archivo de n\u00facleo y que la conexi\u00f3n termine. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no son evaluadas"}], "lastModified": "2024-11-21T07:11:01.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE0DB896-63DC-4622-A4DA-5B77A919EDF0", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE0CE38A-7167-4DE4-BB9D-CD6DF81FE0F2", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8332960-4AAE-4101-8FFF-2D07B6479BD4"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC32350-1D2B-4284-941B-8B98305C45F0", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA0A9081-15D2-44F7-B66E-5C594F7C8066"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83ACDEF1-CF4F-41BF-B256-EA7198BB9208", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDEBE106-40F1-439C-8154-187D89988C3E"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "179FECCD-2795-4194-BED0-18CFEF792E9F", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9AB53DF-7335-462E-B8CD-44DF0DCE3826"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37684CEC-10C0-4B3C-B8F1-BBAAF3C08B61", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4E36FE-C4C7-4C00-A65A-41F50FCE017D"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58B1F7D1-80E2-4C5E-967C-C48244BA7B43", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D0954BD-CC9C-448F-A9C1-3FB71AB27D6D"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FE45D7A-BBB1-41AB-B980-B0BE9A3B5E83", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B04EE3A2-A09D-41C3-A5F2-DAC007041B14"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A57376D-044D-46E4-9702-ECEF1F8A6380", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7B147BB-1B2E-4F40-9FA7-1165B8F0B60D"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "330DF580-A2F8-43A9-A73A-18DAE744352A", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73FB842B-33B1-4AD4-AC61-47192A87A785"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA2E069B-1FD5-48BE-9468-9C70C2BC30C1", "versionEndExcluding": "16.1.3.1", "versionStartIncluding": "16.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "509A4307-3EC4-4AE7-AF72-3C2B3CF9E754"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}

7.5 /10