Lucene search
F5F5:K59197053HistoryAug 03, 2022 - 12:00 a.m.
K59197053 : BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651
2022-08-0300:00:00
my.f5.com
20
big-ip
tls 1.3
irule
vulnerability
cve-2022-34651
tmm
denial-of-service
unauthenticated
attacker
disruption
data plane
Security Advisory Description
When an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2022-34651)
Impact
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Note: TLS 1.3 is disabled by default. This vulnerability affects only configurations where TLS 1.3 has been explicitly enabled.
Related
cnvd
cnvd
F5 BIG-IP TLS 1.3 iRule null pointer dereference vulnerability
2022-08-03 00:00:00
nvd
nvd
CVE-2022-34651
2022-08-04 18:15:10
prion
prion
Design/Logic Flaw
2022-08-04 18:15:00
cvelist
cvelist
CVE-2022-34651 BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651
2022-08-04 17:47:17
cve
cve
CVE-2022-34651
2022-08-04 18:15:10
nessus
nessus
F5 Networks BIG-IP : BIG-IP TLS 1.3 iRule vulnerability (K59197053)
2022-08-03 00:00:00
f5
f5
K14649763 : Overview of F5 vulnerabilities (August 2022)
2022-08-03 00:00:00