CVE-2022-34844
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 | BIG-IP | 13.1.0 < 13.1.x* | unaffected |
| F5 | BIG-IP | 14.1.0 < 14.1.x* | unaffected |
| F5 | BIG-IP | 15.1.x < 15.1.6.1 | affected |
| F5 | BIG-IP | 16.1.x < 16.1.3.1 | affected |
| F5 | BIG-IP | 17.0.0 < 17.0.x* | unaffected |
| F5 | BIG-IQ Centralized Management | 7.0.0 < 7.x* | unaffected |
| F5 | BIG-IQ Centralized Management | 8.0.0 < 8.x* | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.