CVE-2023-22281 HIGH

CVE-2023-22281: BIG-IP AFM vulnerability

Vendor F5

Product BIG-IP

Weakness CWE-908

Published February 1, 2023

Last update March 26, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

February 1, 2023 CVE published

March 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22281 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/908.html

Related vulnerabilities

Identifiers

CVE CVE-2023-22281

CWE CWE-908

CVSS 7.5 / HIGH

Affected versions

Vendor F5

Product BIG-IP

Affected ≥ 17.0.0 and < 17.0.0.2

Vendor F5

Product BIG-IP

Affected ≥ 16.1.0 and < 16.1.3.3

Vendor F5

Product BIG-IP

Affected ≥ 15.1.0 and < 15.1.8

Vendor F5

Product BIG-IP

Affected ≥ 14.1.0 and < 14.1.5.3

Vendor F5

Product BIG-IP

Affected ≥ 13.1.0 and < *

CVE-2023-22281: BIG-IP AFM vulnerability

01Description

02Disclosure timeline

03References

04Related CVE