CVE-2022-23028 — MEDIUM (5.3)

Q: How severe is CVE-2022-23028?

CVE-2022-23028 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-23028?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Advanced Firewall Manager.

Vulnerability Description

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
F5	Big-Ip Advanced Firewall Manager	>= 13.1.0, <= 13.1.4

Related Weaknesses (CWE)

CWE-682

References

https://support.f5.com/csp/article/K16101409MitigationVendor Advisory
https://support.f5.com/csp/article/K16101409MitigationVendor Advisory

FAQ

What is CVE-2022-23028?

CVE-2022-23028 is a vulnerability with a CVSS score of 5.3 (MEDIUM). On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in t...

How severe is CVE-2022-23028?

CVE-2022-23028 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23028?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Advanced Firewall Manager.