CVE-2022-34862

HIGH

F5 Big-ip Access Policy Manager < 13.1.5 - Infinite Loop

Title source: rule

Description

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

[Exploit, Vendor Advisory] https://support.f5.com/csp/article/K66510514

Scores

CVSS v3 7.5

EPSS 0.0099

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-835

Status published

Products (11)

f5/big-ip_access_policy_manager 13.1.0 - 13.1.5

f5/big-ip_advanced_firewall_manager 13.1.0 - 13.1.5

f5/big-ip_analytics 13.1.0 - 13.1.5

f5/big-ip_application_acceleration_manager 13.1.0 - 13.1.5

f5/big-ip_application_security_manager 13.1.0 - 13.1.5

f5/big-ip_domain_name_system 13.1.0 - 13.1.5

f5/big-ip_fraud_protection_service 13.1.0 - 13.1.5

f5/big-ip_global_traffic_manager 13.1.0 - 13.1.5

f5/big-ip_link_controller 13.1.0 - 13.1.5

f5/big-ip_local_traffic_manager 13.1.0 - 13.1.5

... and 1 more

Published Aug 04, 2022

Tracked Since Feb 18, 2026