PT-2023-1469 · F5 · Big-Ip

Published: 2023-02-01 · Updated: 2023-02-09 · CVE-2023-22281

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

BIG-IP versions 13.1.x
BIG-IP versions 14.1.x before 14.1.5.3
BIG-IP versions 15.1.x before 15.1.8
BIG-IP versions 16.1.x before 16.1.3.3
BIG-IP versions 17.0.x before 17.0.0.2
Description

The issue lies in the implementation of Network Address Translation (NAT) for FastL4 virtual servers in the BIG-IP Advanced Firewall Manager (AFM). When a BIG-IP AFM NAT policy containing a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. The root cause is the use of an uninitialized resource. Exploitation of the issue may allow a remote attacker to cause a denial of service.
Recommendations

For BIG-IP version 13.1.x, update to a version that is still supported and apply the necessary patches.
For BIG-IP versions 14.1.x before 14.1.5.3, update to version 14.1.5.3 or later.
For BIG-IP versions 15.1.x before 15.1.8, update to version 15.1.8 or later.
For BIG-IP versions 16.1.x before 16.1.3.3, update to version 16.1.3.3 or later.
For BIG-IP versions 17.0.x before 17.0.0.2, update to version 17.0.0.2 or later.

As a temporary workaround, consider restricting access to the FastL4 virtual server until a patch can be applied.
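As an added example (not part of this advisory or of any F5 tooling), a small Python helper that maps a BIG-IP version string to the affected ranges listed above and reports the first fixed release for that branch; it assumes the version is given in the dotted numeric form the advisory uses (e.g. "16.1.3" or "14.1.5.3").

```python
# Added example: assess a BIG-IP version against the ranges in this advisory.
from typing import Optional, Tuple

# Affected branches from the advisory: (major, minor) -> first fixed version.
FIXED_VERSIONS = {
    (14, 1): (14, 1, 5, 3),
    (15, 1): (15, 1, 8),
    (16, 1): (16, 1, 3, 3),
    (17, 0): (17, 0, 0, 2),
}
# 13.1.x has no fixed release; the advisory says to move to a supported branch.
UNSUPPORTED_BRANCHES = {(13, 1)}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.1.3' into (16, 1, 3); rejects non-numeric components."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"version needs at least major.minor: {text!r}")
    return parts


def pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '14.1.5' compares as '14.1.5.0'."""
    return v + (0,) * (n - len(v))


def assess(version: str) -> Tuple[bool, Optional[str]]:
    """Return (is_affected, fixed_version).

    fixed_version is None when the version is not affected, or when it is
    on 13.1.x, where no fixed release exists and a branch upgrade is needed.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in UNSUPPORTED_BRANCHES:
        return True, None
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return False, None  # branch not listed in the advisory
    n = max(len(v), len(fixed))
    if pad(v, n) < pad(fixed, n):
        return True, ".".join(map(str, fixed))
    return False, None
```

A result of (True, None) means the host runs 13.1.x and must be moved to a supported branch rather than patched in place.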

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

BDU:2023-00876
CVE-2023-22281

Affected Products

Big-Ip