CVE-2022-36795 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-36795 PUBLISHED CVSS 5.300000190734863 MEDIUM

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.

EPSS 0.49% · 65.3th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.49%

65.3th percentile

Affected Products

Vendor	Product	Versions
F5	NGINX Plus
F5	BIG-IP	17.0.x, 16.1.x, 15.1.x
f5	big-ip_local_traffic_manager	14.1.0, 17.0.0, 16.1.0
F5	NGINX
f5	big-ip_application_security_manager	17.0.0, 14.1.0, 15.1.0
f5	big-ip_domain_name_system	17.0.0, 14.1.0, 15.1.0
f5	big-ip_analytics	17.0.0, 14.1.0, 15.1.0
f5	big-ip_policy_enforcement_manager	17.0.0, 15.1.0, 14.1.0
f5	big-ip_global_traffic_manager	16.1.0, 14.1.0, 17.0.0
AWS	config
AWS	connect
f5	big-ip_link_controller	14.1.0, 17.0.0, 16.1.0
f5	big-ip_access_policy_manager	16.1.0, 15.1.0, 14.1.0
F5	NGINX Ingress Controller
f5	big-ip_fraud_protection_service	17.0.0, 16.1.0, 15.1.0
f5	big-ip_application_acceleration_manager	17.0.0, 16.1.0, 15.1.0
f5	big-ip_advanced_firewall_manager	17.0.0, 16.1.0, 15.1.0

Timeline

Oct 19, 2022 CVE Published
Oct 22, 2022 EPSS Score
Dec 4, 2022 EPSS Score
Jan 16, 2023 EPSS Score
Feb 28, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 12, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 7, 2023 EPSS Score
Oct 2, 2023 EPSS Score
Nov 14, 2023 EPSS Score
Dec 27, 2023 EPSS Score

References

https://support.f5.com/csp/article/K76934290 advisory
https://support.f5.com/csp/article/K52494562 url
https://nvd.nist.gov/vuln/detail/CVE-2022-36795 advisory

Open in Interactive Console →