Details of VAR-202208-0208

ID

VAR-202208-0208

CVE

CVE-2022-34862

TITLE

BIG-IP Infinite loop vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016718

DESCRIPTION

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Exists in an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34862 // JVNDB: JVNDB-2022-016718 // VULHUB: VHN-431286 // VULMON: CVE-2022-34862

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	16.1.3.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.1.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-016718 // NVD: CVE-2022-34862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34862
value:	HIGH
Trust: 1.0
f5sirt@f5.com:	CVE-2022-34862
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-016718
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-2062
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34862
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-016718
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016718 // CNNVD: CNNVD-202208-2062 // NVD: CVE-2022-34862 // NVD: CVE-2022-34862

PROBLEMTYPE DATA

problemtype:	CWE-835	Trust: 1.1
problemtype:	infinite loop (CWE-835) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-431286 // JVNDB: JVNDB-2022-016718 // NVD: CVE-2022-34862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2062

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2062

PATCH

title:

K66510514

url:

https://my.f5.com/manage/s/article/K66510514

Trust: 0.8

sources: JVNDB: JVNDB-2022-016718

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34862	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016718	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2062	Trust: 0.6
db:	VULHUB	id:	VHN-431286	Trust: 0.1
db:	VULMON	id:	CVE-2022-34862	Trust: 0.1

sources: VULHUB: VHN-431286 // VULMON: CVE-2022-34862 // JVNDB: JVNDB-2022-016718 // CNNVD: CNNVD-202208-2062 // NVD: CVE-2022-34862

REFERENCES

url:	https://support.f5.com/csp/article/k66510514	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34862	Trust: 0.8
url:	https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38983	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-34862/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-431286 // VULMON: CVE-2022-34862 // JVNDB: JVNDB-2022-016718 // CNNVD: CNNVD-202208-2062 // NVD: CVE-2022-34862

SOURCES

db:	VULHUB	id:	VHN-431286
db:	VULMON	id:	CVE-2022-34862
db:	JVNDB	id:	JVNDB-2022-016718
db:	CNNVD	id:	CNNVD-202208-2062
db:	NVD	id:	CVE-2022-34862

LAST UPDATE DATE

2024-08-14T14:02:29.596000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-431286	date:	2022-08-10T00:00:00
db:	VULMON	id:	CVE-2022-34862	date:	2022-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-016718	date:	2023-10-06T02:53:00
db:	CNNVD	id:	CNNVD-202208-2062	date:	2022-08-11T00:00:00
db:	NVD	id:	CVE-2022-34862	date:	2022-08-10T18:16:00.923

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-431286	date:	2022-08-04T00:00:00
db:	VULMON	id:	CVE-2022-34862	date:	2022-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-016718	date:	2023-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202208-2062	date:	2022-08-03T00:00:00
db:	NVD	id:	CVE-2022-34862	date:	2022-08-04T18:15:10.313