When an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. (CVE-2022-33968)
Impact
If an attacker controls the server that handles monitor traffic or the APM SSO endpoint, arbitrary system memory may be leaked to the server. There is no control plane exposure; this is a data plane issue only. To exploit this vulnerability, an attacker must have a privileged network position.
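The advisory does not disclose the triggering traffic, so this added example (not F5 code, and not a description of the actual defect) shows only the general defensive pattern for this bug class: checking the server-supplied length and offset fields of an NTLM CHALLENGE_MESSAGE against the received buffer before any payload is read. Field positions follow the public MS-NLMP layout; the function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Field descriptor positions in CHALLENGE_MESSAGE (MS-NLMP 2.2.1.2).
 * Names are hypothetical, chosen for this example. */
enum { NTLM_TARGET_NAME = 12, NTLM_TARGET_INFO = 40, NTLM_MIN_CHALLENGE = 48 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 and sets *out / *out_len to the payload only when the
 * server-supplied Len and BufferOffset lie entirely inside msg[0..msg_len).
 * Returns -1 otherwise, so the caller never reads past the message. */
int ntlm_challenge_field(const uint8_t *msg, size_t msg_len, size_t desc,
                         const uint8_t **out, size_t *out_len)
{
    static const uint8_t sig[8] = { 'N','T','L','M','S','S','P',0 };

    if (msg == NULL || msg_len < NTLM_MIN_CHALLENGE) return -1;
    if (memcmp(msg, sig, sizeof sig) != 0 || le32(msg + 8) != 2) return -1;
    if (desc != NTLM_TARGET_NAME && desc != NTLM_TARGET_INFO) return -1;

    size_t len = le16(msg + desc);      /* Len: controlled by the server */
    size_t off = le32(msg + desc + 4);  /* BufferOffset: controlled by the server */

    if (len == 0) { *out = NULL; *out_len = 0; return 0; }
    /* Payload must start after the fixed header and end inside the buffer.
     * Compared by subtraction so that off + len cannot wrap. */
    if (off < NTLM_MIN_CHALLENGE || off > msg_len || len > msg_len - off)
        return -1;

    *out = msg + off;
    *out_len = len;
    return 0;
}
```

A client that copies a field using the declared length without this check would read adjacent memory, and anything it later echoes back to the server would carry that memory with it.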