CVE-2022-23010 BIG-IP versions 16.x, 15.1.x, 14.1.x, and 13.1.x have undisclosed requests that can cause an increase in FastL4 profiles and HTTP profiles on a virtual server.

This issue affects only those versions of BIG-IP where FastL4 is enabled. FastL4 is not enabled by default in newer versions of BIG-IP. For information about how to manually enable FastL4, see the following article in the knowledge base: https://support.f5.com/kb/enabling-fastl4-with-f5-big-ip-nf-servers

This issue has been fixed in the following versions of v16.x: v16.1.0, v16.0.0, v15.1.4, v15.1.3, v15.1.1, v15.1.0, v15.0.5, v15.0.4, v15.0.3, v14.1.4, v14.1.3, v14.1.2, v14.1.1, v14.1.0, v14.0.0, v13.1.4, v13.1.3, v13.1.2, v13.1.1, v13.1.0, v12.1.4, v12.1.3, v12.1.2, v12.1.1, v12.1.0, v11.6.0, v11.5.0, v11.4.0, v11.3.0, v11.2.0, v11.1.0, v11.0.0, v10.1.0, v10

What is F5 BIG-IP® v16.x?

F5 BIG-IP® v16.x is the latest version of the enterprise-ready, application delivery controller (ADC) platform designed to deliver high performance, reliability, and availability in any environment. The solution was designed with security in mind and offers advanced visibility into the data plane and deep packet inspection (DPI). F5 BIG-IP provides a broad range of features that include:
* Advanced DPI capabilities including Application Layer Inspection (ALI), Application Visibility and Control (AVC), Content Security Policy (CSP), SSL/TLS inspection, URL filtering, HTTP Inspection, Email Inspection, and DNS Inspection
* Secure Web Portal that allows for centralized management of all access control policies
* Inline caching for large deployments
* VLAN support which extends virtual private networking (VPN) isolation to internal networks
* Unified Access Policy Manager that enables customers to deploy multi-site deployment without code changes
* Zero-touch provisioning which consolidates user provisioning across multiple platforms including physical appliances or virtual machines

How to determine if you are affected by this vulnerability

If you are using an affected version of BIG-IP, you should have received an update from F5 that fixes this vulnerability. If you have not received such an update, the following article in the knowledge base may help: https://support.f5.com/kb/enabling-fastl4-with-f5-big-ip-nf-servers

Older versions of v16.x must be manually updated to v16.1.0.

Description

This issue has been fixed in the following versions of v10.1.0 and later:
- v10.1.0
