Details of VAR-202201-1944

ID

VAR-202201-1944

CVE

CVE-2022-23024

TITLE

BIG-IP AFM Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004261

DESCRIPTION

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP AFM Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform of F5 that integrates functions such as network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. The F5 BIG-IP AFM has a resource management error vulnerability that could be exploited by an attacker to cause a denial of service on the BIG-IP system

Trust: 1.8

sources: NVD: CVE-2022-23024 // JVNDB: JVNDB-2022-004261 // VULHUB: VHN-411895 // VULMON: CVE-2022-23024

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	15.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.1.4.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004261 // NVD: CVE-2022-23024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23024
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-23024
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202201-1741
value:	HIGH
Trust: 0.6
VULHUB:	VHN-411895
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-23024
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-23024
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411895
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-23024
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23024
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411895 // VULMON: CVE-2022-23024 // JVNDB: JVNDB-2022-004261 // CNNVD: CNNVD-202201-1741 // NVD: CVE-2022-23024

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411895 // JVNDB: JVNDB-2022-004261 // NVD: CVE-2022-23024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1741

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202201-1741

PATCH

title:	K54892865	url:	https://my.f5.com/manage/s/article/K54892865	Trust: 0.8
title:	F5 BIG-IP AFM Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180296	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-23024 // JVNDB: JVNDB-2022-004261 // CNNVD: CNNVD-202201-1741

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23024	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-004261	Trust: 0.8
db:	CS-HELP	id:	SB2022012026	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0323.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1741	Trust: 0.6
db:	CNVD	id:	CNVD-2022-70625	Trust: 0.1
db:	VULHUB	id:	VHN-411895	Trust: 0.1
db:	VULMON	id:	CVE-2022-23024	Trust: 0.1

sources: VULHUB: VHN-411895 // VULMON: CVE-2022-23024 // JVNDB: JVNDB-2022-004261 // CNNVD: CNNVD-202201-1741 // NVD: CVE-2022-23024

REFERENCES

url:	https://support.f5.com/csp/article/k54892865	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23024	Trust: 1.4
url:	https://vigilance.fr/vulnerability/f5-big-ip-afm-denial-of-service-via-ipsec-alg-logging-profile-37322	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0323.2	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012026	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-411895 // VULMON: CVE-2022-23024 // JVNDB: JVNDB-2022-004261 // CNNVD: CNNVD-202201-1741 // NVD: CVE-2022-23024

SOURCES

db:	VULHUB	id:	VHN-411895
db:	VULMON	id:	CVE-2022-23024
db:	JVNDB	id:	JVNDB-2022-004261
db:	CNNVD	id:	CNNVD-202201-1741
db:	NVD	id:	CVE-2022-23024

LAST UPDATE DATE

2024-11-23T22:15:57.207000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411895	date:	2022-02-01T00:00:00
db:	VULMON	id:	CVE-2022-23024	date:	2022-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-004261	date:	2023-04-04T01:26:00
db:	CNNVD	id:	CNNVD-202201-1741	date:	2022-04-24T00:00:00
db:	NVD	id:	CVE-2022-23024	date:	2024-11-21T06:47:49.740

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411895	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2022-23024	date:	2022-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2022-004261	date:	2023-04-04T00:00:00
db:	CNNVD	id:	CNNVD-202201-1741	date:	2022-01-19T00:00:00
db:	NVD	id:	CVE-2022-23024	date:	2022-01-25T20:15:09.700