CVE-2022-23018: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

A vulnerability (CVE-2022-23018) was identified in BIG-IP Advanced Firewall Manager (AFM) affecting versions 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4. The vulnerability was disclosed on January 25, 2022, and involves a condition where undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles (NVD).

The vulnerability is classified as an Improper Handling of Exceptional Conditions (CWE-755). It received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can cause the Traffic Management Microkernel (TMM) to terminate, potentially leading to service disruption (NVD).

F5 has released patched versions to address this vulnerability. Users should upgrade to version 16.1.2, 15.1.4.1, 14.1.4.5, or later versions depending on their installation branch. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated (NVD).