PT-2022-15791 · F5 · Big-Ip Afm
Published
2022-01-25
·
Updated
2022-02-01
·
CVE-2022-23024
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
BIG-IP AFM versions 13.1.x
BIG-IP AFM versions 14.1.x through 14.1.4.1
BIG-IP AFM versions 15.1.x through 15.1.4
BIG-IP AFM versions 16.x through 16.0.x
Description
When the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Recommendations
For BIG-IP AFM version 13.1.x, consider disabling the IPsec ALG logging profile until a patch is available.
For BIG-IP AFM versions 14.1.x through 14.1.4.1, update to version 14.1.4.2 or later.
For BIG-IP AFM versions 15.1.x through 15.1.4, update to version 15.1.4.1 or later.
For BIG-IP AFM versions 16.x through 16.0.x, update to version 16.1.0 or later.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip Afm