CVE-2022-26071 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-26071 PUBLISHED CVSS 7.400000095367432 HIGH

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

EPSS 1.48% · 80.8th percentile

Risk Scores

CVSS v3.1

7.400000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

1.48%

80.8th percentile

Affected Products

Vendor	Product	Versions
f5	big-ip_application_acceleration_manager	11.6.1, 17.0.0, 16.1.2
F5	BIG-IP	12.1.x, 11.6.x, 13.1.x
f5	big-ip_access_policy_manager	15.1.3, 15.1.2, 15.1.1
f5	big-ip_local_traffic_manager	11.6.1, 17.0.0, 16.1.2
f5	big-ip_link_controller	11.6.1, 11.6.2, 11.6.3
f5	big-ip_application_security_manager	15.1.5, 11.6.1, 11.6.2
f5	big-ip_policy_enforcement_manager	17.0.0, 11.6.1, 11.6.2
f5	big-ip_analytics	14.1.0, 11.6.1, 11.6.2
f5	big-ip_domain_name_system	17.0.0, 16.1.2, 16.1.1
f5	big-ip_fraud_protection_service	17.0.0, 16.1.2, 16.1.1
f5	big-ip_global_traffic_manager	17.0.0, 11.6.2, 11.6.3
f5	big-ip_advanced_firewall_manager	17.0.0, 16.1.2, 16.1.1

Timeline

May 5, 2022 CVE Published
May 6, 2022 EPSS Score
Jun 24, 2022 EPSS Score
Aug 13, 2022 EPSS Score
Oct 1, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 14, 2023 EPSS Score
Jun 2, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Sep 8, 2023 EPSS Score

References

https://support.f5.com/csp/article/K54082580 advisory
https://support.f5.com/csp/article/K41440465 advisory
https://support.f5.com/csp/article/K21317311 advisory
https://support.f5.com/csp/article/K31856317 advisory
https://support.f5.com/csp/article/K14229426 advisory
https://support.f5.com/csp/article/K23454411 advisory
https://support.f5.com/csp/article/K71103363 advisory
https://support.f5.com/csp/article/K06323049 advisory
https://support.f5.com/csp/article/K49905324 advisory
https://support.f5.com/csp/article/K39002226 advisory
https://support.f5.com/csp/article/K93543114 advisory
https://support.f5.com/csp/article/K25451853 advisory
https://support.f5.com/csp/article/K24248011 advisory
https://support.f5.com/csp/article/K54460845 advisory
https://support.f5.com/csp/article/K51539421 advisory
https://support.f5.com/csp/article/K92306170 advisory
https://support.f5.com/csp/article/K37155600 advisory
https://support.f5.com/csp/article/K64124988 advisory
https://support.f5.com/csp/article/K17341495 advisory
https://support.f5.com/csp/article/K38271531 advisory

…and 25 more

Open in Interactive Console →