CVE-2023-22839 - Vulnerability Details

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00362.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
F5	Big-ip 10000s Big-ip 10000s Firmware Big-ip 10200v Big-ip 10200v-ssl Big-ip 10200v-ssl Firmware Big-ip 10200v Firmware Big-ip 12000 Big-ip 12000 Firmware Big-ip 5000s Big-ip 5000s Firmware Big-ip 5200v Big-ip 5200v-ssl Big-ip 5200v-ssl Firmware Big-ip 5200v Firmware Big-ip 7000s Big-ip 7000s Firmware Big-ip 7200v Big-ip 7200v-ssl Big-ip 7200v-ssl Firmware Big-ip 7200v Firmware Big-ip Domain Name System Big-ip I10600 Big-ip I10600 Firmware Big-ip I10800 Big-ip I10800 Firmware Big-ip I11600 Big-ip I11600 Firmware Big-ip I11800 Big-ip I11800 Firmware Big-ip I15600 Big-ip I15600 Firmware Big-ip I15800 Big-ip I15800 Firmware Big-ip I5600 Big-ip I5600 Firmware Big-ip I5800 Big-ip I5800 Firmware Big-ip I7600 Big-ip I7600 Firmware Big-ip I7800 Big-ip I7800 Firmware Big-ip Local Traffic Manager R10600 R10600 Firmware R10800 R10800 Firmware R10900 R10900 Firmware R5600 R5600 Firmware R5800 R5800 Firmware R5900 R5900 Firmware Velos Bx110 Velos Bx110 Firmware Viprion B2100 Viprion B2100 Firmware Viprion B2150 Viprion B2150 Firmware Viprion B2250 Viprion B2250 Firmware Viprion B4300 Viprion B4300 Firmware Viprion B4450 Viprion B4450 Firmware

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::

Configuration 2 [-]

AND

cpe:2.3:o:f5:big-ip_10000s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_10000s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:f5:big-ip_10200v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_10200v:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:f5:big-ip_10200v-ssl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_10200v-ssl:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:f5:big-ip_12000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_12000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:f5:big-ip_5000s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_5000s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:f5:big-ip_5200v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_5200v:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:f5:big-ip_5200v-ssl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_5200v-ssl:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:f5:big-ip_7000s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_7000s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:f5:big-ip_7200v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_7200v:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:f5:big-ip_7200v-ssl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_7200v-ssl:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:f5:big-ip_i10600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:f5:big-ip_i10800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:f5:big-ip_i11600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i11600:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:f5:big-ip_i11800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i11800:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:f5:big-ip_i15600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i15600:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:f5:big-ip_i15800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i15800:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:f5:big-ip_i5600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:f5:big-ip_i5800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:f5:big-ip_i7600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:f5:big-ip_i7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:f5:r10600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:r10600:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:f5:r10800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:r10800:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:f5:r10900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:r10900:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:f5:r5600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:r5600:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:f5:r5800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:r5800:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:f5:r5900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:r5900:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:f5:velos_bx110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:velos_bx110:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:f5:viprion_b2100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:viprion_b2100:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:f5:viprion_b2150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:viprion_b2150:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:f5:viprion_b2250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:viprion_b2250:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:f5:viprion_b4300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:viprion_b4300:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:f5:viprion_b4450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:f5:viprion_b4450:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-26950	On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://my.f5.com/manage/s/article/K37708118

History

Wed, 26 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2023-02-01T17:56:26.064Z

Updated: 2025-03-26T17:48:26.847Z

Reserved: 2023-01-13T06:43:46.141Z

Link: CVE-2023-22839

Vulnrichment

Updated: 2024-08-02T10:20:31.223Z

NVD

Status : Modified

Published: 2023-02-01T18:15:11.750

Modified: 2024-11-21T07:45:29.820

Link: CVE-2023-22839

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object