ID
VAR-202205-0404
CVE
CVE-2022-27181
TITLE
F5 BIG-IP APM Resource exhaustion vulnerability in
Trust: 0.8
DESCRIPTION
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP APM Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform of F5 that integrates functions such as network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIG-IP APM has a resource management error vulnerability that could be exploited by an attacker to cause service degradation, resulting in a denial of service on the BIG-IP system
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 16.1.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 13.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 13.1.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 14.1.4 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 14.1.2 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 16.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 15.1.3 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 13.1.3 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 15.1.5 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 13.1.5 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 15.1.4 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 15.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 13.1.4 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 14.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 14.1.3 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 15.1.2 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 16.1.2 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | 15.1.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | f5 | model: | big-ip access policy manager | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.1 |
| problemtype: | Resource exhaustion (CWE-400) [ others ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
PATCH
| title: | K93543114 | url: | https://my.f5.com/manage/s/article/K93543114 | Trust: 0.8 |
| title: | F5 BIG-IP APM Remediation of resource management error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191830 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-27181 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2022-010266 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.2168 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202205-2078 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2022-74964 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-419863 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-27181 | Trust: 0.1 |
REFERENCES
| url: | https://support.f5.com/csp/article/k93543114 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-27181 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-27181/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.2168 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38241 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/400.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-419863 |
| db: | VULMON | id: | CVE-2022-27181 |
| db: | JVNDB | id: | JVNDB-2022-010266 |
| db: | CNNVD | id: | CNNVD-202205-2078 |
| db: | NVD | id: | CVE-2022-27181 |
LAST UPDATE DATE
2024-11-23T22:47:23.074000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-419863 | date: | 2022-05-13T00:00:00 |
| db: | VULMON | id: | CVE-2022-27181 | date: | 2022-05-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-010266 | date: | 2023-08-14T06:53:00 |
| db: | CNNVD | id: | CNNVD-202205-2078 | date: | 2022-05-16T00:00:00 |
| db: | NVD | id: | CVE-2022-27181 | date: | 2024-11-21T06:55:21.537 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-419863 | date: | 2022-05-05T00:00:00 |
| db: | VULMON | id: | CVE-2022-27181 | date: | 2022-05-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-010266 | date: | 2023-08-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-202205-2078 | date: | 2022-05-04T00:00:00 |
| db: | NVD | id: | CVE-2022-27181 | date: | 2022-05-05T17:15:12.473 |