Details of VAR-202201-1345

ID

VAR-202201-1345

CVE

CVE-2022-23028

TITLE

BIG-IP AFM calculation error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004192

DESCRIPTION

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP AFM contains a computational error vulnerability.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform of F5 that integrates functions such as network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIG-IP AFM has a security vulnerability that could be exploited by an attacker to cause a denial of service on the BIG-IP system

Trust: 1.8

sources: NVD: CVE-2022-23028 // JVNDB: JVNDB-2022-004192 // VULHUB: VHN-411899 // VULMON: CVE-2022-23028

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004192 // NVD: CVE-2022-23028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23028
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-23028
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202201-1637
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-411899
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-23028
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-23028
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411899
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-23028
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23028
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411899 // VULMON: CVE-2022-23028 // JVNDB: JVNDB-2022-004192 // CNNVD: CNNVD-202201-1637 // NVD: CVE-2022-23028

PROBLEMTYPE DATA

problemtype:	CWE-682	Trust: 1.1
problemtype:	calculation error (CWE-682) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411899 // JVNDB: JVNDB-2022-004192 // NVD: CVE-2022-23028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1637

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-1637

PATCH

title:	K16101409	url:	https://my.f5.com/manage/s/article/K16101409	Trust: 0.8
title:	F5 BIG-IP AFM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178866	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-23028 // JVNDB: JVNDB-2022-004192 // CNNVD: CNNVD-202201-1637

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23028	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-004192	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.0330	Trust: 0.6
db:	CS-HELP	id:	SB2022011929	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1637	Trust: 0.6
db:	CNVD	id:	CNVD-2022-70621	Trust: 0.1
db:	VULHUB	id:	VHN-411899	Trust: 0.1
db:	VULMON	id:	CVE-2022-23028	Trust: 0.1

sources: VULHUB: VHN-411899 // VULMON: CVE-2022-23028 // JVNDB: JVNDB-2022-004192 // CNNVD: CNNVD-202201-1637 // NVD: CVE-2022-23028

REFERENCES

url:	https://support.f5.com/csp/article/k16101409	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23028	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0330	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-afm-denial-of-service-via-syn-cookie-protection-37305	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011929	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/682.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-411899 // VULMON: CVE-2022-23028 // JVNDB: JVNDB-2022-004192 // CNNVD: CNNVD-202201-1637 // NVD: CVE-2022-23028

SOURCES

db:	VULHUB	id:	VHN-411899
db:	VULMON	id:	CVE-2022-23028
db:	JVNDB	id:	JVNDB-2022-004192
db:	CNNVD	id:	CNNVD-202201-1637
db:	NVD	id:	CVE-2022-23028

LAST UPDATE DATE

2024-11-23T21:58:32.583000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411899	date:	2022-02-01T00:00:00
db:	VULMON	id:	CVE-2022-23028	date:	2022-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-004192	date:	2023-03-30T02:24:00
db:	CNNVD	id:	CNNVD-202201-1637	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-23028	date:	2024-11-21T06:47:50.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411899	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2022-23028	date:	2022-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2022-004192	date:	2023-03-30T00:00:00
db:	CNNVD	id:	CNNVD-202201-1637	date:	2022-01-19T00:00:00
db:	NVD	id:	CVE-2022-23028	date:	2022-01-25T20:15:09.873