PT-2022-15788 · F5 · Big-Ip
Published
2022-01-25
·
Updated
2022-02-01
·
CVE-2022-23020
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
BIG-IP versions 16.1.x before 16.1.2
Description
The issue occurs when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, allowing undisclosed requests to cause the Traffic Management Microkernel (TMM) to terminate.
Recommendations
For BIG-IP versions 16.1.x before 16.1.2, update to version 16.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the 'Respond on Error' setting on the Request Logging profile until a patch is available. Restrict access to the virtual server configured with the Request Logging profile to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip