PT-2023-1428 · F5 · Big-Ip

Published: 2023-01-09 · Updated: 2023-03-15 · CVE-2023-22302

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
BIG-IP 16.1.x from 16.1.2.2 up to, but not including, 16.1.3.3
BIG-IP 17.0.x before 17.0.0.2

Description
The issue lies in the implementation of the HTTP profile configuration on a BIG-IP virtual server. When an HTTP profile is configured on a virtual server and certain conditions exist on the target pool member, undisclosed requests sent to the system can cause the Traffic Management Microkernel (TMM) to terminate. A remote attacker can exploit this to cause a denial of service by sending specially crafted requests to the affected virtual server.

Recommendations
For BIG-IP 16.1.x from 16.1.2.2 to before 16.1.3.3, update to version 16.1.3.3 or later. For BIG-IP 17.0.x before 17.0.0.2, update to version 17.0.0.2 or later. As a temporary workaround, restrict access to virtual servers that have an HTTP profile configured, which reduces the exposure to this issue until the update is applied.

Fix

Weakness Enumeration

Missing Release of Resource after Effective Lifetime

Related Identifiers

BDU:2023-00830
CVE-2023-22302

Affected Products

Big-Ip