CVE-2022-41770 An authenticated iControl REST user can increase memory consumption.
The issue is disclosed in the REST interface, where user-provided requests can cause an increase in memory utilization. An attacker can exploit this issue to increase memory consumption, resulting in a possible denial-of-service. The issue is disclosed by the REST interface, where user-provided requests can cause an increase in memory utilization. An attacker can exploit this issue to increase memory consumption, resulting in a possible denial-of-service. Mitigation For BIG-IP versions 17.0.x, 16.1.x, and 15.1.x, you can disable the REST interface by setting the following variable to FALSE: global.rest.enabled=false For BIG-IP versions 14.1.x and 13.1.x you can disable the REST interface by setting the following variable to FALSE: local.rest.enabled=false For all versions you can disable the REST interface by setting the following variable to FALSE: system.rest.enabled=false For all versions you can disable the REST interface by setting the following variable: local.rest.enabled=false For all versions you can disable the REST interface by setting the following variable to FALSE: system.rest.enabled=false For all versions you can disable the REST interface by setting the following variable to FALSE: local.rest.enabled=false For all versions you can disable the REST interface by setting the following variable to FALSE: system.rest.enabled=false For all versions you can disable the REST interface by setting the
B.5 .1.3-0
global.rest.enabled=false
DNS _WRITE_TIMEOUT
The default DNS write timeout value is 60 seconds, but the system and all global zones have been changed to a global write timeout of 30 seconds. The default DNS write timeout value is 60 seconds, but the system and all global zones have been changed to a global write timeout of 30 seconds. Mitigation For all versions (including BIG-IP versions 17.0.x, 16.1.x, 15.1.x) you can change the DNS write timeout value by setting the following variable: dns.writeTimeout=30 For BIG-IP versions 14.1.x and 13.1.x you can change the DNS write timeout value by setting the following variable: dns.writeTimeout=60 For all versions you can change the DNS write timeout value by setting the following variable: dns.writeTimeout=30
Timeline
Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/24/2022 13:26:00 UTC