Severity
High
Analysis Summary
CVE-2022-23028
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when global AFM SYN cookie protection (TCP Half Open flood vector) is activated. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-23029
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a FastL4 profile is configured on a virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization.
CVE-2022-23030
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the BIG-IP Virtual Edition (VE) uses the ixlv driver and the TCP Segmentation Offload configuration is enabled. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an increase in CPU resource utilization.
CVE-2022-23031
F5 BIG-IP could allow a remote authenticated attacker to obtain sensitive information, caused by an XML External Entity (XXE) in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI). By sending a specially-crafted file, a remote attacker could exploit this vulnerability to read local files and force BIG-IP to send HTTP requests.
CVE-2022-23032
F5 BIG-IP could allow a remote attacker to obtain sensitive information, caused by a DNS rebinding attack when proxy settings are configured in the network access resource of a BIG-IP APM system. By sending a specially-crafted request, an attacker could exploit this vulnerability to exfiltrate proxy configuration details.
CVE-2022-23023
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw in iControl REST. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause an increase in memory resource utilization.
CVE-2022-23024
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2022-23025
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a SIP ALG profile is configured on a virtual server. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2022-23026
F5 BIG-IP is vulnerable to a denial of service caused by a flaw in the REST API endpoint. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload data to cause an increase in disk resource utilization.
CVE-2022-23027
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the virtual server to stop processing new client connections.
CVE-2022-23022
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an HTTP profile is configured on a virtual server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2022-23011
F5 BIG-IP is vulnerable to a denial of service, caused by an issue in the SYN Cookie Protection feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-23008
F5 NGINX Controller API Management could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject JavaScript code that is executed on managed NGINX data plane instances.
CVE-2022-23009
F5 BIG-IQ Centralized Management could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to all BIG-IP devices managed by the same BIG-IQ system.
CVE-2022-23010
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a FastL4 profile and an HTTP profile are configured on a virtual server. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause an increase in memory resource utilization.
Impact
- Denial of Service
- Information Disclosure
- Security Bypass
Affected Vendors
F5
Affected Products
- F5 BIG-IP (AFM) 15.1.0
- F5 BIG-IP (AFM) 14.1.0
- F5 BIG-IP (AFM) 13.1.0
- F5 BIG-IP (AFM) 15.1.4
- F5 BIG-IP 11.6.1
- F5 BIG-IP 12.1.0
- F5 BIG-IP 13.1.0
- F5 BIG-IP 14.1.0
- F5 BIG-IP 15.1.0
- F5 BIG-IP 14.1.4
- F5 BIG-IP (APM) 12.1.0
- F5 BIG-IP (APM) 14.1.0
- F5 BIG-IP (APM) 15.0.0
- F5 BIG-IP (APM) 13.1.0
- F5 BIG-IP 12.1.5
- F5 BIG-IQ Centralized Management 7.0.0
- F5 NGINX Controller API Management 3.18.0
- F5 NGINX Controller API Management 3.19.0
- F5 BIG-IQ Centralized Management 8.0.0
Remediation
Refer to the F5 Security Advisories below for patch, upgrade, or suggested workaround information.
CVE-2022-23028
https://support.f5.com/csp/article/K16101409
CVE-2022-23029
https://support.f5.com/csp/article/K50343028
CVE-2022-23030
https://support.f5.com/csp/article/K50343028
CVE-2022-23031
https://support.f5.com/csp/article/K61112120
CVE-2022-23032
https://support.f5.com/csp/article/K30525503
CVE-2022-23023
https://support.f5.com/csp/article/K11742742
CVE-2022-23024
https://support.f5.com/csp/article/K54892865
CVE-2022-23025
https://support.f5.com/csp/article/K44110411
CVE-2022-23026
https://support.f5.com/csp/article/K08402414
CVE-2022-23027
https://support.f5.com/csp/article/K30573026
CVE-2022-23022
https://support.f5.com/csp/article/K96924184
CVE-2022-23011
https://support.f5.com/csp/article/K96924184
CVE-2022-23008
https://support.f5.com/csp/article/K57735782
CVE-2022-23009
https://support.f5.com/csp/article/K47592780
CVE-2022-23010