Main Vulnerability Database Vulnerabilities #VU59837

#VU59837 Incorrect calculation in BIG-IP AFM - CVE-2022-23028

Published: January 19, 2022

Vulnerability identifier: #VU59837

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-23028

CWE-ID: CWE-682

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
BIG-IP AFM

Software vendor:
F5 Networks

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation error when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile. Such configuration causes certain types of TCP connections fail. A remote attacker can send specially crafted traffic to the system and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://support.f5.com/csp/article/K16101409

#VU59837 Incorrect calculation in BIG-IP AFM - CVE-2022-23028

Description

Remediation

External links

Please verify you're human