Vulnerabilities > CVE-2022-23021 - NULL Pointer Dereference vulnerability in F5 products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

CWE-476

NVD

Published: 2022-01-25

Updated: 2022-02-01

Summary

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 16.1.0 F5 BIG IP Advanced Firewall Manager 16.1.0 F5 BIG IP Analytics * F5 BIG IP Application Acceleration Manager * F5 BIG IP Application Security Manager * F5 BIG IP Domain Name System * F5 BIG IP Fraud Protection Service * F5 BIG IP Global Traffic Manager * F5 BIG IP Link Controller 16.1.0 F5 BIG IP Local Traffic Manager * F5 BIG IP Policy Enforcement Manager *	11

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://support.f5.com/csp/article/K57111075