CVE-2022-26372: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

A vulnerability was identified in F5 BIG-IP systems affecting multiple versions including 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x. The vulnerability was discovered and assigned CVE-2022-26372 on April 19, 2022. The issue occurs when a DNS listener is configured on a virtual server with DNS queueing, which is the default configuration (MITRE).

The vulnerability involves undisclosed DNS requests that can trigger increased memory resource utilization when a DNS listener is configured with DNS queueing on a virtual server. This configuration is the default setting for BIG-IP systems (MITRE).

When exploited, this vulnerability results in increased memory resource utilization on affected F5 BIG-IP systems, potentially impacting system performance and stability (MITRE).

F5 has released fixes for this vulnerability in various version branches: version 15.1.0.2 or later for the 15.1.x branch, version 14.1.4.6 or later for the 14.1.x branch, and version 13.1.5 or later for the 13.1.x branch. Systems running versions 12.1.x and 11.6.x should be upgraded to a supported version as these branches are vulnerable (MITRE).