CVE-2022-36795 LTM TCP profile with Auto Receive Window enabled on a virtual server can be vulnerable to undisclosed traffic. This can lead to a vulnerability.

This issue affects traffic that arrives at TCP port 587 of an LTM virtual server. A remote attacker may be able to exploit this vulnerability to cause a high volume of traffic to be processed by the server resulting in a denial of service. This issue has been assigned the CVE-2019-5725. IMPORTANT: Due to the severity of this issue, LTM administrators are strongly advised to upgrade to a version of BIG-IP software listed in the Kali Table or to a version of BIG-IP software listed in the Pre-Kali Table as soon as possible. To upgrade your system, you must first upgrade the base on which your system runs. For example, if your primary BIG-IP system runs version 17.0.0 and your upgrade target is 16.1.3, you must first upgrade the base on which your system runs, for example, version 16.1.x. Then, you can upgrade the system running 17.0.0 to 17.0.0.1, or the system running 16.1.3 to 16.1.3.1. If you do not have a target version listed in one of the Kali or Pre-Kali tables, you must first upgrade the base running the version listed in the Kali or Pre-Kali table, for example, version 17.0.x to 16.1.x. After upgrading the base, you can upgrade the system running the version that is listed in the Kali or

TCP Port 587 Vulnerability

This vulnerability is caused by improper handling of TCP packets arriving at port 587 that are not part of a network address. These packets may be coming from the local system itself, or they may be arriving from an external source. The vulnerability causes the BIG-IP system to process these packets more aggressively than it should and in doing so, cause high volume data traffic to be processed. This issue has been assigned the CVE-2019-5725.

Issue description

CVE-2019-5725 is a denial of service vulnerability in the BIG-IP system. This issue was discovered by the Cisco Talos team and has been assigned CVE reference number CVE-2022-36795.
This vulnerability affects traffic that arrives at TCP port 587 of an LTM virtual server. A remote attacker may be able to exploit this vulnerability to cause a high volume of traffic to be processed by the server resulting in a denial of service.

Timeline

Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/21/2022 15:21:00 UTC

References

• https://support.f5.com/csp/article/K52494562
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36795