1. Home
  2. CVE Database
  3. CVE-2022-28706
MEDIUM · 5.9

CVE-2022-28706

On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM)...

Vulnerability Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
F5Big-Ip Access Policy Manager15.1.0
F5Big-Ip Advanced Firewall Manager15.1.0
F5Big-Ip Analytics15.1.0
F5Big-Ip Application Acceleration Manager15.1.0
F5Big-Ip Application Security Manager15.1.0
F5Big-Ip Domain Name System15.1.0
F5Big-Ip Fraud Protection Service15.1.0
F5Big-Ip Global Traffic Manager15.1.0
F5Big-Ip Link Controller15.1.0
F5Big-Ip Local Traffic Manager15.1.0
F5Big-Ip Policy Enforcement Manager15.1.0

Related Weaknesses (CWE)

CWE-754

References

FAQ

What is CVE-2022-28706?

CVE-2022-28706 is a vulnerability with a CVSS score of 5.9 (MEDIUM). On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM)...

How severe is CVE-2022-28706?

CVE-2022-28706 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28706?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.