CVE-2022-34862 TMM vulnerability CVE-2022-34862

2022-08-0417:48:11

CWE-835

www.cve.org

cve-2022-34862

big-ip

tmm

vulnerability

normalization

termination

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

36.8%

JSON

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "13.1.x*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "14.1.5",
        "status": "affected",
        "version": "14.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1.6.1",
        "status": "affected",
        "version": "15.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1.3.1",
        "status": "affected",
        "version": "16.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "17.0.x*",
        "status": "unaffected",
        "version": "17.0.0",
        "versionType": "custom"
      }
    ]
  }
]