ID

VAR-202302-0058


CVE

CVE-2023-22341


TITLE

BIG-IP APM  in the system  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-003169

DESCRIPTION

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP APM The system has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-22341 // JVNDB: JVNDB-2023-003169 // VULHUB: VHN-451921 // VULMON: CVE-2023-22341

AFFECTED PRODUCTS

vendor:f5model:big-ip access policy managerscope:ltversion:14.1.5.3

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope: - version: -

Trust: 0.8

vendor:f5model:big-ip access policy managerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003169 // NVD: CVE-2023-22341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-22341
value: HIGH

Trust: 1.0

f5sirt@f5.com: CVE-2023-22341
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-003169
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-094
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-22341
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-003169
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003169 // CNNVD: CNNVD-202302-094 // NVD: CVE-2023-22341 // NVD: CVE-2023-22341

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-451921 // JVNDB: JVNDB-2023-003169 // NVD: CVE-2023-22341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-094

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-094

PATCH

title:K20717585url:https://my.f5.com/manage/s/article/K20717585

Trust: 0.8

title:F5 BIG-IP Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=224512

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2023-22341

Trust: 0.1

sources: VULMON: CVE-2023-22341 // JVNDB: JVNDB-2023-003169 // CNNVD: CNNVD-202302-094

EXTERNAL IDS

db:NVDid:CVE-2023-22341

Trust: 3.4

db:JVNDBid:JVNDB-2023-003169

Trust: 0.8

db:AUSCERTid:ESB-2023.0643

Trust: 0.6

db:CNNVDid:CNNVD-202302-094

Trust: 0.6

db:VULHUBid:VHN-451921

Trust: 0.1

db:VULMONid:CVE-2023-22341

Trust: 0.1

sources: VULHUB: VHN-451921 // VULMON: CVE-2023-22341 // JVNDB: JVNDB-2023-003169 // CNNVD: CNNVD-202302-094 // NVD: CVE-2023-22341

REFERENCES

url:https://my.f5.com/manage/s/article/k20717585

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-22341

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0643

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-22341/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2023-22341

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-451921 // VULMON: CVE-2023-22341 // JVNDB: JVNDB-2023-003169 // CNNVD: CNNVD-202302-094 // NVD: CVE-2023-22341

SOURCES

db:VULHUBid:VHN-451921
db:VULMONid:CVE-2023-22341
db:JVNDBid:JVNDB-2023-003169
db:CNNVDid:CNNVD-202302-094
db:NVDid:CVE-2023-22341

LAST UPDATE DATE

2024-08-14T13:52:44.891000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-451921date:2023-02-09T00:00:00
db:VULMONid:CVE-2023-22341date:2023-02-01T00:00:00
db:JVNDBid:JVNDB-2023-003169date:2023-09-01T08:27:00
db:CNNVDid:CNNVD-202302-094date:2023-02-10T00:00:00
db:NVDid:CVE-2023-22341date:2023-11-07T04:06:51.017

SOURCES RELEASE DATE

db:VULHUBid:VHN-451921date:2023-02-01T00:00:00
db:VULMONid:CVE-2023-22341date:2023-02-01T00:00:00
db:JVNDBid:JVNDB-2023-003169date:2023-09-01T00:00:00
db:CNNVDid:CNNVD-202302-094date:2023-02-01T00:00:00
db:NVDid:CVE-2023-22341date:2023-02-01T18:15:11.137