CVE-2022-27181

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: May 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27181
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
f5 / big-ip_access_policy_manager	13.1.0	13.1.0.x
f5 / big-ip_access_policy_manager	14.1.0	14.1.0.x
f5 / big-ip_access_policy_manager	15.1.0	15.1.0.x
f5 / big-ip_access_policy_manager	14.1.4	14.1.4.x
f5 / big-ip_access_policy_manager	16.1.0	16.1.0.x
f5 / big-ip_access_policy_manager	16.1.2	16.1.2.x
f5 / big-ip_access_policy_manager	16.1.1	16.1.1.x
f5 / big-ip_access_policy_manager	15.1.5	15.1.5.x
f5 / big-ip_access_policy_manager	15.1.4	15.1.4.x
f5 / big-ip_access_policy_manager	15.1.3	15.1.3.x
f5 / big-ip_access_policy_manager	15.1.2	15.1.2.x
f5 / big-ip_access_policy_manager	15.1.1	15.1.1.x
f5 / big-ip_access_policy_manager	14.1.3	14.1.3.x
f5 / big-ip_access_policy_manager	14.1.2	14.1.2.x
f5 / big-ip_access_policy_manager	13.1.5	13.1.5.x
f5 / big-ip_access_policy_manager	13.1.4	13.1.4.x
f5 / big-ip_access_policy_manager	13.1.3	13.1.3.x
f5 / big-ip_access_policy_manager	13.1.1	13.1.1.x

https://support.f5.com/csp/article/K93543114

Vulnerability Database

289,697

CVE-2022-27181