Lucene search
F5F5:K23465404HistoryAug 03, 2022 - 12:00 a.m.
K23465404 : BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968
2022-08-0300:00:00
my.f5.com
35
big-ip
ltm
apm
ntlm
vulnerability
cve-2022-33968
monitor
sso
traffic
buffer over-read
impact
attacker
system memory
data plane.
Security Advisory Description
When an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. (CVE-2022-33968)
Impact
If an attacker controls the server that handles monitor traffic or the APM SSO endpoint, arbitrary system memory may be leaked to the server. There is no control plane exposure; this is a data plane issue only. To exploit this vulnerability, an attacker must have a privileged network position.
Related
cve
cve
CVE-2022-33968
2022-08-04 18:15:09
cnvd
cnvd
F5 BIG-IP LTM and APM NTLM out-of-bounds read vulnerability
2022-08-03 00:00:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP LTM and APM NTLM vulnerability (K23465404)
2022-08-03 00:00:00
prion
prion
Code injection
2022-08-04 18:15:00
cvelist
cvelist
CVE-2022-33968 BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968
2022-08-04 17:47:03
nvd
nvd
CVE-2022-33968
2022-08-04 18:15:09
f5
f5
K14649763 : Overview of F5 vulnerabilities (August 2022)
2022-08-03 00:00:00