CVE-2022-23014: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

CVE-2022-23014 affects BIG-IP APM (Access Policy Manager) versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1. The vulnerability was disclosed on January 25, 2022, and involves undisclosed requests causing the Traffic Management Microkernel (TMM) to terminate when BIG-IP APM portal access is configured on a virtual server (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. It is classified as CWE-20 (Improper Input Validation). The vulnerability requires low attack complexity and low privileges to exploit, with no user interaction needed (NVD).

When successfully exploited, this vulnerability can lead to a denial of service condition through the termination of the Traffic Management Microkernel (TMM), affecting the availability of the BIG-IP APM portal access services (NVD).

F5 has released patched versions to address this vulnerability. Users should upgrade to version 16.1.2 or later for the 16.1.x branch, or version 15.1.4.1 or later for the 15.1.x branch. Software versions which have reached End of Technical Support (EoTS) are not evaluated (NVD).