Discover the impact and mitigation strategies for CVE-2022-26370 affecting F5 BIG-IP versions 16.1.x, 15.1.x, and 14.1.x. Learn how to secure your systems against this vulnerability.
F5 has reported a vulnerability, CVE-2022-26370, affecting certain versions of BIG-IP that can lead to the termination of the Traffic Management Microkernel (TMM) under specific configurations.
Understanding CVE-2022-26370
This section provides insights into the nature and impact of the CVE-2022-26370 vulnerability.
What is CVE-2022-26370?
The vulnerability exists in F5 BIG-IP 16.1.x, 15.1.x, and 14.1.x versions where undisclosed requests can trigger TMM termination when a SIP message routing framework (MRF) ALG profile is set on a Message Routing virtual server.
The Impact of CVE-2022-26370
With a CVSS base score of 5.9 and high availability impact, the vulnerability poses a medium severity risk. Attackers can exploit this issue remotely without requiring user interaction.
Technical Details of CVE-2022-26370
Explore the specifics of the CVE-2022-26370 vulnerability in this section.
Vulnerability Description
The vulnerability arises from improper handling of certain requests, causing the TMM to crash under vulnerable configurations.
Affected Systems and Versions
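Within the affected branches, BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6 are impacted, while versions older than these branches remain unaffected.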
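As an added example (not F5's code and not part of the original page), the following Python script triages an inventory of BIG-IP versions against the fixed releases listed above. The hostnames and versions in the sample inventory are constructed, and branches the page does not list are reported as not-listed rather than assumed safe.

```python
import re

# First fixed release per branch, as listed on this page.
FIXED = {
    (16, 1): (16, 1, 2, 2),
    (15, 1): (15, 1, 5),
    (14, 1): (14, 1, 4, 6),
}

# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = {
    "lb-edge-01": "16.1.2.1",
    "lb-edge-02": "16.1.2.2",
    "lb-core-01": "15.1.5",
    "lb-core-02": "15.1.4.1",
    "lb-lab-01": "14.1.4.6",
    "lb-lab-02": "13.1.5",
}

def parse_version(text):
    """Turn '15.1.4.1' into (15, 1, 4, 1); reject anything but dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text, re.ASCII):
        raise ValueError(f"unrecognised BIG-IP version: {text!r}")
    return tuple(int(p) for p in text.split("."))

def status(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "not-listed"  # the page gives no fixed release for this branch
    # Pad to equal length so 15.1.5 and 15.1.5.0 compare as the same release.
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "affected" if pad(v) < pad(fixed) else "fixed"

def triage(inventory):
    """Map each host in the inventory to its status."""
    return {host: status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:10} {result}")
```

A host reported as affected is only exposed when a SIP MRF ALG profile is set on a Message Routing virtual server, so pair the version result with a review of the virtual server configuration.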
Exploitation Mechanism
Attackers can send crafted requests to virtual servers with specific MRF ALG configurations, leading to TMM termination.
Mitigation and Prevention
Learn how to address and prevent the CVE-2022-26370 vulnerability in this section.
Immediate Steps to Take
F5 recommends updating the affected BIG-IP instances to the patched versions to mitigate the risk of exploitation.
Long-Term Security Practices
Maintain a proactive security posture by regularly updating and monitoring your BIG-IP deployments for vulnerabilities.
Patching and Updates
Stay informed about F5's security advisories and promptly apply recommended patches and updates to protect your systems.