1. Home
  2. CVE Database
  3. CVE-2022-28705
HIGH · 7.5

CVE-2022-28705

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdacce...

Vulnerability Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
F5Big-Ip Access Policy Manager13.1.0
F5Big-Ip Advanced Firewall Manager13.1.0
F5Big-Ip Analytics13.1.0
F5Big-Ip Application Acceleration Manager13.1.0
F5Big-Ip Application Security Manager13.1.0
F5Big-Ip Domain Name System13.1.0
F5Big-Ip Fraud Protection Service13.1.0
F5Big-Ip Global Traffic Manager13.1.0
F5Big-Ip Link Controller13.1.0
F5Big-Ip Local Traffic Manager13.1.0
F5Big-Ip Policy Enforcement Manager13.1.0

Related Weaknesses (CWE)

CWE-190

References

FAQ

What is CVE-2022-28705?

CVE-2022-28705 is a vulnerability with a CVSS score of 7.5 (HIGH). On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdacce...

How severe is CVE-2022-28705?

CVE-2022-28705 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28705?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.