{ "id": "CVE-2022-32455", "sourceIdentifier": "f5sirt@f5.com", "published": "2022-08-04T18:15:09.707", "lastModified": "2023-11-07T03:47:48.817", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n" }, { "lang": "es", "value": "En BIG-IP versiones 16.1.x anteriores a 16.1.2.2, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones de 13.1.x, cuando es configurado un perfil SSL de cliente de BIG-IP LTM en un servidor virtual para llevar a cabo la autenticaci\u00f3n de certificados de cliente con tickets de sesi\u00f3n habilitados, las peticiones no reveladas causan la terminaci\u00f3n del micron\u00facleo de administraci\u00f3n del tr\u00e1fico (TMM). Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas" } ], "metrics": { "cvssMetricV31": [ { "source": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-119" } ] }, { "source": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-119" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "854440E5-A3F0-46AF-B63A-BEF9C925A212" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "160570FB-7707-4362-90B0-F8C8FE8BA38B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "758D4F60-C707-4C09-8FA1-9AFC232C2B68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "F0F46FE1-6247-4A18-9842-0EAFE9DDD93A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "1FADD47D-1A4C-430F-B7C7-763F72893824" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "4B89C592-E704-4AA8-98EF-22E81A888D9F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "08390071-5FA5-492D-A00A-1F901A51E07D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "2728406D-E27A-4434-BC3B-4D844F0E7BA0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "6025496D-61A0-444D-85FF-9EB452FDC12D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "C904FE7E-26A6-4111-B3B0-015BD40133C7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "5E7BD4CE-189E-4CA9-BE66-14A9CED7B63B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "9965A0FA-84CE-4E7C-92C8-C74A44F401E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "9063A656-93B0-41B1-ADB3-799AC23CE899" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "1E51349F-E198-4643-A10D-6C1D35E10F0D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "0BDA0FAF-471B-415F-820C-446EDD53E327" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "E4F5076B-25A0-404F-8045-BBDAB8531B31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "FDC0EE80-B537-4061-8D25-7BEE1A8191DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "F4E0A3C3-F168-47D6-A54D-09722BE9EC92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "BE216ACB-E56A-4839-8A06-56506B5E9871" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "2E49DAA0-9716-4D3A-87D4-CE55E6480CE0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "800B3D3B-45FF-406F-8A32-70E00D2F9DE5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "3D31C5B6-DF43-44CA-B8D4-8751B4804225" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "C92185E0-F49B-41E2-815C-93C5643C2CAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "3816AEE7-81A4-46F4-97EC-B156DA52C04D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "7D8BF6B2-A36E-457F-972E-AD15AC6FE680" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "EC49DC01-B0B5-41DF-8B8B-CCE0AED8748C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "384FD000-3901-4B01-B544-DE210FCFB3B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "E9DB433B-0213-4EA7-87A6-9DAE5F31F2CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "D0E7A929-53FF-482D-9935-E3B2E6C9D174" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "652E0726-38DB-4559-BAC1-860E02678F60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.5", "matchCriteriaId": "260DF4DE-A303-4460-B83B-C880B5996A3A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.6.1", "matchCriteriaId": "4DCF4D67-ECC3-4808-AF91-CA2BE17E5E8D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.2.2", "matchCriteriaId": "3C53D007-B6DD-447E-BA9A-5CE9137CAA80" } ] } ] } ], "references": [ { "url": "https://support.f5.com/csp/article/K16852653", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] } ] }