CVE-2022-23023

Name of the Vulnerable Software and Affected Versions BIG-IP versions 12.1.x through 16.1.x before 16.1.2.1 BIG-IP versions 13.1.x BIG-IP versions 14.1.x before 14.1.4.5 BIG-IP versions 15.1.x before 15.1.5 BIG-IQ versions 7.x BIG-IQ versions 8.x

Description The issue is related to an uncontrolled resource consumption in the iControl REST API interface of BIG-IP Access Policy Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP DDos, BIG-IP Fraud Protection Service, BIG-IP Link Controller, and BIG-IP Local Traffic Manager. This can be exploited by a remote attacker to cause a denial of service. The vulnerability can be triggered by undisclosed requests from an authenticated iControl REST user, leading to increased memory resource utilization.

Recommendations For BIG-IP versions 12.1.x, consider upgrading to a version outside of the affected range. For BIG-IP versions 13.1.x, consider upgrading to a version outside of the affected range. For BIG-IP versions 14.1.x before 14.1.4.5, update to version 14.1.4.5 or later. For BIG-IP versions 15.1.x before 15.1.5, update to version 15.1.5 or later. For BIG-IP versions 16.1.x before 16.1.2.1, update to version 16.1.2.1 or later. For BIG-IQ versions 7.x and 8.x, consider upgrading to a version outside of the affected range.