1. Home
  2. CVE Database
  3. CVE-2022-27189
HIGH · 7.5

CVE-2022-27189

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an In...

Vulnerability Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
F5Big-Ip Access Policy Manager11.6.1
F5Big-Ip Advanced Firewall Manager11.6.1
F5Big-Ip Analytics11.6.1
F5Big-Ip Application Acceleration Manager11.6.1
F5Big-Ip Application Security Manager11.6.1
F5Big-Ip Domain Name System11.6.1
F5Big-Ip Fraud Protection Service11.6.1
F5Big-Ip Global Traffic Manager11.6.1
F5Big-Ip Link Controller11.6.1
F5Big-Ip Local Traffic Manager11.6.1
F5Big-Ip Policy Enforcement Manager11.6.1

Related Weaknesses (CWE)

CWE-681

References

FAQ

What is CVE-2022-27189?

CVE-2022-27189 is a vulnerability with a CVSS score of 7.5 (HIGH). On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an In...

How severe is CVE-2022-27189?

CVE-2022-27189 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27189?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.