CVE-2022-29473

high-risk

Published 2022-05-05

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Do I need to act?

-

0.67% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Link Controller

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Affected Vendors

F5

References (2)

Vendor Advisory https://support.f5.com/csp/article/K06323049

Vendor Advisory https://support.f5.com/csp/article/K06323049

53

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 33/34 · Critical