A recently disclosed vulnerability in BIG-IP version 16.1.x before 16.1.2 is causing concern among developers and security professionals. Tracked as CVE-2022-23022, it poses a significant risk to systems running the affected software versions, because undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This blog post discusses the details of the vulnerability, how it can be exploited, and what you can do to mitigate it.

Vulnerability Background

The Traffic Management Microkernel (TMM) is an essential component of the BIG-IP system, responsible for handling application traffic. In BIG-IP version 16.1.x before 16.1.2, it was discovered that undisclosed requests could trigger TMM termination when an HTTP profile is configured on a virtual server.

F5 Networks assigns this vulnerability a Common Vulnerability Scoring System (CVSS) score of 7.5, indicating that it poses a high risk to the affected systems. It is worth mentioning that software versions which have reached End of Technical Support (EoTS) are not evaluated.

Exploit Details

Although the exact details of the undisclosed requests that cause TMM termination are not publicly available, an attacker could potentially mount a Denial-of-Service (DoS) attack by sending a malformed request to a virtual server that has an HTTP profile configured. The resulting TMM termination would make BIG-IP unresponsive and disrupt critical application traffic.

Here is an example of a Python skeleton that could be used to send a request to a vulnerable BIG-IP system. Because the triggering request has not been disclosed, the payload is only a placeholder:

import requests

# Placeholder target; replace with the address of the system under test.
target_url = "http://TARGET-IP-ADDRESS/"
headers = {
    "User-Agent": "CVE-2022-23022-Exploit",
    "Content-Type": "application/x-www-form-urlencoded"
}

# The request that actually triggers the TMM termination is not public.
payload = "PUT-YOUR-MALFORMED-REQUEST-PAYLOAD-HERE"

response = requests.post(target_url, headers=headers, data=payload)
# A connection error or timeout, rather than a status code, would indicate that TMM stopped responding.
print(response.status_code)

It is critical that you only use this code snippet for educational purposes and not for any malicious intent.

Mitigation Steps

To mitigate CVE-2022-23022, system administrators are urged to update all affected BIG-IP instances to version 16.1.2 or later as soon as possible. F5 Networks provides detailed upgrade instructions on its website; see "BIG-IP Software Versions and Release Notes" for more information.

In the meantime, administrators can temporarily disable the HTTP profile on affected virtual servers to remove the condition required for exploitation. However, this may degrade the experience for users connecting to those servers, so updating to a fixed software version remains the best long-term solution.
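Before choosing between the update and the profile workaround, an administrator needs to know which virtual servers actually meet both advisory conditions. The following added example (not F5's code) checks a reported BIG-IP version against the 16.1.x-before-16.1.2 range and lists the virtual servers that carry an HTTP profile; the version strings and the inventory are constructed for illustration, and the profile-type representation is an assumption.

```python
"""CVE-2022-23022 exposure triage (added example; not F5's code).
Condition from the advisory text: BIG-IP 16.1.x before 16.1.2 with an HTTP
profile attached to a virtual server. Version strings and the inventory are
constructed; in practice they come from `tmsh show sys version` and
`tmsh list ltm virtual` output.
"""
import re
from dataclasses import dataclass

VULNERABLE_BRANCH = (16, 1)  # 16.1.x
FIXED_RELEASE = (16, 1, 2)   # first fixed release named in the advisory

def parse_version(text: str) -> tuple:
    """'16.1.1', '16.1.0-0.0.4' or '16.1.2.1' -> (major, minor, point).
    Build/hotfix suffixes after '-' are ignored; missing parts default to 0."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised BIG-IP version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])

def version_is_vulnerable(text: str) -> bool:
    """True only for 16.1.x releases older than 16.1.2."""
    v = parse_version(text)
    return v[:2] == VULNERABLE_BRANCH and v < FIXED_RELEASE

@dataclass(frozen=True)
class VirtualServer:
    name: str
    profiles: tuple  # (profile_name, profile_type) pairs from the config

def exposed_virtual_servers(version: str, vservers) -> list:
    """Names of virtual servers that meet both conditions: a vulnerable TMM
    version and at least one profile of type 'http' (custom ones included)."""
    if not version_is_vulnerable(version):
        return []
    return [vs.name for vs in vservers
            if any(ptype == "http" for _, ptype in vs.profiles)]

# Constructed inventory: two HTTP-fronted services, one raw TCP passthrough.
SAMPLE_INVENTORY = [
    VirtualServer("vs_web_443", (("tcp", "tcp"), ("clientssl", "client-ssl"), ("http", "http"))),
    VirtualServer("vs_api_80", (("tcp", "tcp"), ("http-custom", "http"))),
    VirtualServer("vs_db_5432", (("fastL4", "fastl4"),)),
]

if __name__ == "__main__":
    for ver in ("16.1.0", "16.1.1-0.0.6", "16.1.2", "16.1.2.1"):
        print(ver, "->", exposed_virtual_servers(ver, SAMPLE_INVENTORY))
```

Virtual servers listed for a vulnerable version are the ones to patch first or to strip of their HTTP profile until the update lands; a passthrough virtual server without an HTTP profile is outside the advisory's condition.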

Conclusion

CVE-2022-23022 poses a significant risk to all systems running affected BIG-IP software versions. To protect your systems, keep your software up to date and follow the mitigation steps provided by F5 Networks. Applying these measures will help you maintain a more secure and stable environment for your users.

For more information and updates on this vulnerability, consult the following original references:

- F5 Networks Knowledge Base - CVE-2022-23022
- National Vulnerability Database - CVE-2022-23022

Timeline

Published on: 01/25/2022 20:15:00 UTC
Last modified on: 02/01/2022 19:21:00 UTC