CVE-2022-35272 : Vulnerability Insights and Analysis

Stay informed about CVE-2022-35272 affecting BIG-IP versions 17.0.x and 16.1.x. Learn about the impact, affected systems, and mitigation steps against this vulnerability.

A vulnerability has been identified in BIG-IP versions 17.0.x and 16.1.x, which could lead to a denial of service condition. Learn more about CVE-2022-35272 below.

Understanding CVE-2022-35272

This section will provide insights into the nature and impact of the vulnerability.

What is CVE-2022-35272?

The vulnerability exists in BIG-IP versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, affecting the Traffic Management Microkernel (TMM) when specific configurations are in place.

The Impact of CVE-2022-35272

The vulnerability could allow undisclosed traffic to trigger the TMM to produce a core file, leading to connection termination, potentially causing a denial of service.

Technical Details of CVE-2022-35272

This section delves into the technical aspects of the vulnerability.

Vulnerability Description

When source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server in affected versions, undisclosed traffic may cause the TMM to crash.

Affected Systems and Versions

BIG-IP versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1 are impacted by this vulnerability.
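As an added example (not from F5 or from the original page), the two conditions above can be checked against a version string and an exported configuration. The stanza layout of the sample and the use of an `httprouter` profile reference to recognise an HTTP MRF virtual server are assumptions, and the function names are illustrative.

```python
import re

# Affected branches from this page, mapped to the first fixed release.
FIXED = {(17, 0): (17, 0, 0, 1), (16, 1): (16, 1, 3, 1)}

def is_affected_version(text):
    """True for 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1."""
    parts = [int(p) for p in text.strip().split(".")]
    v = tuple(parts + [0] * (4 - len(parts)))[:4]  # "16.1.3" -> (16, 1, 3, 0)
    fixed = FIXED.get(v[:2])
    return fixed is not None and v < fixed

def strict_virtuals(conf):
    """Map preserve-strict virtual servers to whether they reference httprouter."""
    found, name, depth, body = {}, None, 0, []
    for line in conf.splitlines():
        if name is None:
            m = re.match(r"\s*ltm virtual (\S+) \{", line)
            if not m:
                continue
            name, depth, body = m.group(1), 0, []
        body.append(line.strip())
        depth += line.count("{") - line.count("}")
        if depth == 0:  # closing brace of the stanza reached
            if "source-port preserve-strict" in body:
                # Assumption: HTTP MRF appears as an httprouter profile entry.
                found[name] = any("httprouter" in b for b in body)
            name = None
    return found

def exposed_virtuals(version, conf):
    """Virtual servers matching the page's conditions on an affected release."""
    if not is_affected_version(version):
        return []
    return sorted(n for n, mrf in strict_virtuals(conf).items() if mrf)

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
ltm virtual /Common/vs_mrf {
    profiles {
        /Common/http { }
        /Common/httprouter { }
    }
    source-port preserve-strict
}
ltm virtual /Common/vs_plain {
    source-port preserve
}
"""
```

Virtual servers that `strict_virtuals` maps to `False` still set preserve-strict and are worth a manual check of their routing profile.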

Exploitation Mechanism

The vulnerability can be triggered by sending specific traffic to the MRF virtual server.

Mitigation and Prevention

Discover the steps to mitigate and prevent the exploitation of CVE-2022-35272.

Immediate Steps to Take

Update affected systems to a release outside the affected ranges: 17.0.0.1 or later on the 17.0.x branch, or 16.1.3.1 or later on the 16.1.x branch.

Long-Term Security Practices

Implementing network segmentation and least privilege access can help reduce the attack surface.

Patching and Updates

Regularly apply security patches and updates provided by F5 to ensure your systems are protected against known vulnerabilities.
