PT-2022-22391 · F5+1 · F5 Big-Ip+4
Published
2022-08-04
·
Updated
2022-08-10
·
CVE-2022-34844
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 15.1.x through 15.1.6.0
F5 BIG-IP versions 16.1.x through 16.1.3.0
F5 BIG-IQ versions 8.x
Description
The issue arises when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control.
Recommendations
For F5 BIG-IP versions 15.1.x through 15.1.6.0, update to version 15.1.6.1 or later.
For F5 BIG-IP versions 16.1.x through 16.1.3.0, update to version 16.1.3.1 or later.
For F5 BIG-IQ versions 8.x, consider disabling the DPDK/ENA driver as a temporary workaround until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon Web Services
Network Adapter
F5 Big-Ip
F5 Big-Iq
Traffic Management Microkernel