CVE-2022-27189
CVE-2022-27189
In short
F5 BIG-IP devices with ICAP profiles enabled can experience excessive memory usage when processing certain network traffic, potentially causing performance degradation or service disruption.
Technical detail
A memory exhaustion vulnerability in F5 BIG-IP's Traffic Management Microkernel (TMM) occurs when ICAP profiles are configured on virtual servers and specific undisclosed traffic patterns are processed. The vulnerability affects multiple legacy versions (16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, 11.6.x) and can lead to resource depletion impacting service availability.
Summary generated and translated by AI from the official description.
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
F5 · BIG-IPWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →