PT-2022-19645 · F5 · F5 Big-Ip

Published

2022-05-05

Updated

2022-05-12

CVE-2022-29480

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 13.1.5 F5 BIG-IP versions 12.1.x F5 BIG-IP versions 11.6.x

Description The issue causes an increase in CPU resource utilization when multiple route domains are configured and undisclosed requests are made to big3d.

Recommendations For F5 BIG-IP versions prior to 13.1.5, update to version 13.1.5 or later. For F5 BIG-IP versions 12.1.x, consider upgrading to a supported version. For F5 BIG-IP versions 11.6.x, consider upgrading to a supported version. As a temporary workaround, consider restricting access to the big3d component to minimize the risk of exploitation.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2022-29480

Affected Products

F5 Big-Ip

PT-2022-19645 · F5 · F5 Big-Ip

CVE-2022-29480

Weakness Enumeration

Related Identifiers

Affected Products

References · 3