CVE-2022-29491

05.05.2022, 17:15

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f5	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
f5	big-ip_access_policy_manager	11.6.1
f5	big-ip_access_policy_manager	11.6.2
f5	big-ip_access_policy_manager	11.6.3
f5	big-ip_access_policy_manager	11.6.4
f5	big-ip_access_policy_manager	11.6.5
f5	big-ip_access_policy_manager	12.1.0
f5	big-ip_access_policy_manager	12.1.1
f5	big-ip_access_policy_manager	12.1.2
f5	big-ip_access_policy_manager	12.1.3
f5	big-ip_access_policy_manager	12.1.4
f5	big-ip_access_policy_manager	12.1.5
f5	big-ip_access_policy_manager	12.1.6
f5	big-ip_access_policy_manager	13.1.0
f5	big-ip_access_policy_manager	13.1.1
f5	big-ip_access_policy_manager	13.1.3
f5	big-ip_access_policy_manager	13.1.4
f5	big-ip_access_policy_manager	13.1.5
f5	big-ip_access_policy_manager	14.1.0
f5	big-ip_access_policy_manager	14.1.2
f5	big-ip_access_policy_manager	14.1.3
f5	big-ip_access_policy_manager	14.1.4
f5	big-ip_access_policy_manager	15.1.0
f5	big-ip_access_policy_manager	15.1.1
f5	big-ip_access_policy_manager	15.1.2
f5	big-ip_access_policy_manager	15.1.3
f5	big-ip_access_policy_manager	15.1.4
f5	big-ip_access_policy_manager	15.1.5
f5	big-ip_access_policy_manager	16.1.0
f5	big-ip_access_policy_manager	16.1.1
f5	big-ip_access_policy_manager	16.1.2
f5	big-ip_access_policy_manager	17.0.0
f5	big-ip_advanced_web_application_firewall	11.6.1
f5	big-ip_advanced_web_application_firewall	11.6.2
f5	big-ip_advanced_web_application_firewall	11.6.3
f5	big-ip_advanced_web_application_firewall	11.6.4
f5	big-ip_advanced_web_application_firewall	11.6.5
f5	big-ip_advanced_web_application_firewall	12.1.0
f5	big-ip_advanced_web_application_firewall	12.1.1
f5	big-ip_advanced_web_application_firewall	12.1.2
f5	big-ip_advanced_web_application_firewall	12.1.3
f5	big-ip_advanced_web_application_firewall	12.1.4
f5	big-ip_advanced_web_application_firewall	12.1.5
f5	big-ip_advanced_web_application_firewall	12.1.6
f5	big-ip_advanced_web_application_firewall	13.1.0
f5	big-ip_advanced_web_application_firewall	13.1.1
f5	big-ip_advanced_web_application_firewall	13.1.3
f5	big-ip_advanced_web_application_firewall	13.1.4
f5	big-ip_advanced_web_application_firewall	13.1.5
f5	big-ip_advanced_web_application_firewall	14.1.0
f5	big-ip_advanced_web_application_firewall	14.1.2
f5	big-ip_advanced_web_application_firewall	14.1.3
f5	big-ip_advanced_web_application_firewall	14.1.4
f5	big-ip_advanced_web_application_firewall	15.1.0
f5	big-ip_advanced_web_application_firewall	15.1.1
f5	big-ip_advanced_web_application_firewall	15.1.2
f5	big-ip_advanced_web_application_firewall	15.1.3
f5	big-ip_advanced_web_application_firewall	15.1.4
f5	big-ip_advanced_web_application_firewall	15.1.5
f5	big-ip_advanced_web_application_firewall	16.1.0
f5	big-ip_advanced_web_application_firewall	16.1.1
f5	big-ip_advanced_web_application_firewall	16.1.2
f5	big-ip_advanced_web_application_firewall	17.0.0
f5	big-ip_application_security_manager	11.6.1
f5	big-ip_application_security_manager	11.6.2
f5	big-ip_application_security_manager	11.6.3
f5	big-ip_application_security_manager	11.6.4
f5	big-ip_application_security_manager	11.6.5
f5	big-ip_application_security_manager	12.1.0
f5	big-ip_application_security_manager	12.1.1
f5	big-ip_application_security_manager	12.1.2
f5	big-ip_application_security_manager	12.1.3
f5	big-ip_application_security_manager	12.1.4
f5	big-ip_application_security_manager	12.1.5
f5	big-ip_application_security_manager	12.1.6
f5	big-ip_application_security_manager	13.1.0
f5	big-ip_application_security_manager	13.1.1
f5	big-ip_application_security_manager	13.1.3
f5	big-ip_application_security_manager	13.1.4
f5	big-ip_application_security_manager	13.1.5
f5	big-ip_application_security_manager	14.1.0
f5	big-ip_application_security_manager	14.1.2
f5	big-ip_application_security_manager	14.1.3
f5	big-ip_application_security_manager	14.1.4
f5	big-ip_application_security_manager	15.1.0
f5	big-ip_application_security_manager	15.1.1
f5	big-ip_application_security_manager	15.1.2
f5	big-ip_application_security_manager	15.1.3
f5	big-ip_application_security_manager	15.1.4
f5	big-ip_application_security_manager	15.1.5
f5	big-ip_application_security_manager	16.1.0
f5	big-ip_application_security_manager	16.1.1
f5	big-ip_application_security_manager	16.1.2
f5	big-ip_application_security_manager	17.0.0
f5	big-ip_local_traffic_manager	11.6.1
f5	big-ip_local_traffic_manager	11.6.2
f5	big-ip_local_traffic_manager	11.6.3
f5	big-ip_local_traffic_manager	11.6.4
f5	big-ip_local_traffic_manager	11.6.5
f5	big-ip_local_traffic_manager	12.1.0
f5	big-ip_local_traffic_manager	12.1.1
f5	big-ip_local_traffic_manager	12.1.2
f5	big-ip_local_traffic_manager	12.1.3
f5	big-ip_local_traffic_manager	12.1.4
f5	big-ip_local_traffic_manager	12.1.5
f5	big-ip_local_traffic_manager	12.1.6
f5	big-ip_local_traffic_manager	13.1.0
f5	big-ip_local_traffic_manager	13.1.1
f5	big-ip_local_traffic_manager	13.1.3
f5	big-ip_local_traffic_manager	13.1.4
f5	big-ip_local_traffic_manager	13.1.5
f5	big-ip_local_traffic_manager	14.1.0
f5	big-ip_local_traffic_manager	14.1.2
f5	big-ip_local_traffic_manager	14.1.3
f5	big-ip_local_traffic_manager	14.1.4
f5	big-ip_local_traffic_manager	15.1.0
f5	big-ip_local_traffic_manager	15.1.1
f5	big-ip_local_traffic_manager	15.1.2
f5	big-ip_local_traffic_manager	15.1.3
f5	big-ip_local_traffic_manager	15.1.4
f5	big-ip_local_traffic_manager	15.1.5
f5	big-ip_local_traffic_manager	16.1.0
f5	big-ip_local_traffic_manager	16.1.1
f5	big-ip_local_traffic_manager	16.1.2
f5	big-ip_local_traffic_manager	17.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://support.f5.com/csp/article/K14229426