While Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions cause the BIG-IP system to send data unencrypted, even with an SSL profile applied. (CVE-2022-41983)
Impact
This vulnerability may expose confidential information to a man-in-the-middle attacker, as data is sent without required encryption. Since this vulnerability results in a TLS record with a bad MAC, the connection will typically be aborted due to failed MAC verification after decrypt.
This vulnerability applies to the following platforms: