CVE-2022-41813 Traffic Management Microkernel (TMM) can terminate when a certain input is provided to PEM or AFM module in certain versions of BIG-IP.
This can lead to a situation where the system does not respond to management requests. After some time, TMM restarts, and the issue is resolved. ARX and AFM are not vulnerable. TMM is vulnerable in versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1. Similar issues have been seen with BIG-IP systems provisioned with AFM. In versions 16.1.x before 16.1.3.1, and 15.1.x before 15.1.6.1, an undisclosed configuration can lead to TMM to restart. ARX and AFM are not vulnerable. Similar issues have been seen with BIG-IP systems provisioned with AFM. In versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, an undisclosed configuration can lead to TMM to restart. ARX and AFM are not vulnerable. Further details about the issue can be found in the advisory on CVE-2018-5125 from RedTeam Security. ARX and AFM are not vulnerable. End-user systems that are provisioned with ARX or AFM are not vulnerable. ARX and AFM are not vulnerable. ARX and AFM are not vulnerable. ARX and AFM are not vulnerable. ARX and AFM are not vulnerable. ARX and AFM are not
How do I find if TMM is vulnerable?
You can look for a configuration change in TMM that may lead to the restart.
How to find the version of your software that is vulnerable
The easiest way to find the version of your software that is vulnerable is to go to the BIG-IP and do a Show Version command on both TMM and ARX. If you see '15.1.6.1' in the output, then your software is not vulnerable. If you see '16.1.3.0', then your software is vulnerable and you should upgrade it!
Information required to control TMSC remotely
- Access to the management IP address of the TMM that is restarting
- The remote hostname on which ARX/AFM are running
- The SA password.
Timeline
Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/24/2022 14:06:00 UTC