Vulnerabilities > CVE-2022-23021 - NULL Pointer Dereference vulnerability in F5 products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

CWE-476

NVD

Published: 2022-01-25

Updated: 2022-02-01

Summary

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 16.1.0 F5 BIG IP Access Policy Manager 16.1.1 F5 BIG IP Access Policy Manager 16.1.2 F5 BIG IP Advanced Firewall Manager 16.1.0 F5 BIG IP Advanced Firewall Manager 16.1.1 F5 BIG IP Analytics 16.1.0 F5 BIG IP Analytics 16.1.1 F5 BIG IP Application Acceleration Manager 16.1.0 F5 BIG IP Application Acceleration Manager 16.1.1 F5 BIG IP Application Acceleration Manager 16.1.2 F5 BIG IP Application Security Manager 16.1.0 F5 BIG IP Domain Name System 16.1.0 F5 BIG IP Domain Name System 16.1.1 F5 BIG IP Fraud Protection Service 16.1.0 F5 BIG IP Fraud Protection Service 16.1.1 F5 BIG IP Global Traffic Manager 16.1.0 F5 BIG IP Global Traffic Manager 16.1.1 F5 BIG IP Link Controller 16.1.0 F5 BIG IP Link Controller 16.1.1 F5 BIG IP Local Traffic Manager 16.1.0 F5 BIG IP Local Traffic Manager 16.1.1 F5 BIG IP Policy Enforcement Manager 16.1.0 F5 BIG IP Policy Enforcement Manager 16.1.1 F5 BIG IP Policy Enforcement Manager 16.1.2	24

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://support.f5.com/csp/article/K57111075