CVE-2022-33968 : Security Advisory and Response

A detailed overview of the BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968 affecting F5 products.

Understanding CVE-2022-33968

This section provides insights into the nature and impact of the vulnerability.

What is CVE-2022-33968?

The vulnerability exists in BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x. It arises when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, allowing undisclosed traffic to trigger a buffer over-read.

The Impact of CVE-2022-33968

With a CVSS score of 3.7, the vulnerability poses a low severity risk. It has a high attack complexity and occurs over a network.

Technical Details of CVE-2022-33968

Explore the specific technical aspects of the CVE.

Vulnerability Description

The vulnerability involves an out-of-bounds read (CWE-125) due to improper handling of NTLM challenge-response traffic.

Affected Systems and Versions

Products such as BIG-IP by F5 are impacted, including versions 13.1.0, 14.1.x, 15.1.x, 16.1.x, and 17.0.x.

Exploitation Mechanism

Attackers can exploit this vulnerability by sending crafted NTLM traffic to the affected virtual server, leading to a buffer over-read.

Mitigation and Prevention

Learn how to mitigate the risks associated with CVE-2022-33968.

Immediate Steps to Take

Users are advised to update their BIG-IP installations to the latest non-affected versions. Additionally, monitoring network traffic for any suspicious activity is recommended.

Long-Term Security Practices

Following security best practices, regular security audits, and staying informed about software vulnerabilities can help prevent similar issues in the future.

Patching and Updates

Ensure timely installation of security patches and updates released by F5 for the affected versions of BIG-IP.