CVE-2022-28705 : What You Need to Know

This article provides detailed information about CVE-2022-28705 affecting F5 BIG-IP devices.

Understanding CVE-2022-28705

This CVE impacts certain versions of F5 BIG-IP devices due to an issue related to undisclosed requests on specific platforms.

What is CVE-2022-28705?

CVE-2022-28705 affects F5 BIG-IP 16.1.x, 15.1.x, 14.1.x, and 13.1.x versions, where undisclosed requests to a virtual server with specific configurations can cause the Traffic Management Microkernel (TMM) process to terminate.

The Impact of CVE-2022-28705

The vulnerability has a base score of 7.5 (High) with high availability impact. Attack complexity is low, and privileges are not required for exploitation. It can lead to denial of service on affected systems.

Technical Details of CVE-2022-28705

This section covers vulnerability description, affected systems and versions, and exploitation mechanism.

Vulnerability Description

On affected F5 BIG-IP versions, undisclosed requests can trigger TMM process termination, impacting system availability.

Affected Systems and Versions

F5 BIG-IP versions 16.1.x (less than 16.1.2.2), 15.1.x (less than 15.1.5.1), 14.1.x (less than 14.1.4.6), and 13.1.x (less than 13.1.5) are vulnerable.

Exploitation Mechanism

Attackers can exploit the vulnerability by sending specific requests to a virtual server with specific settings, leading to TMM process termination.

Mitigation and Prevention

To mitigate the CVE-2022-28705, follow immediate steps and adopt long-term security practices.

Immediate Steps to Take

Update affected F5 BIG-IP devices to versions that address the vulnerability. Disable ePVA and related settings to prevent exploit.

Long-Term Security Practices

Regularly monitor F5 security advisories and apply patches promptly. Implement network security measures.

Patching and Updates

Install security patches released by F5 for affected versions to eliminate the vulnerability.