CVE-2022-27189: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2022-27189 affects F5 BIG-IP systems across multiple versions including 16.1.x (prior to 16.1.2.2), 15.1.x (prior to 15.1.5.1), 14.1.x (prior to 14.1.4.6), 13.1.x (prior to 13.1.5), and all versions of 12.1.x and 11.6.x. The vulnerability was discovered and disclosed in April 2022, specifically related to the Internet Content Adaptation Protocol (ICAP) profile configuration on virtual servers (CVE Mitre).

The vulnerability occurs when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, where undisclosed traffic can trigger an increase in Traffic Management Microkernel (TMM) memory resource utilization. The vulnerability has been assigned a CVSS v3.1 score of 7.5 (HIGH), with metrics indicating Network attack vector, Low attack complexity, No privileges required, and No user interaction needed (NVD).

When exploited, this vulnerability can lead to increased memory resource utilization in the Traffic Management Microkernel (TMM), potentially affecting system performance and availability. The CVSS metrics indicate High impact on availability while maintaining no direct impact on confidentiality or integrity (NVD).

F5 has released patched versions to address this vulnerability: version 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5. Users are advised to upgrade to these versions or later to mitigate the vulnerability. Systems running on 12.1.x and 11.6.x versions, which have reached End of Technical Support (EoTS), should be upgraded to a supported version (CVE Mitre).