CVE-2023-22839: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

A vulnerability was identified in BIG-IP systems affecting versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x. The vulnerability, tracked as CVE-2023-22839, was discovered and disclosed in January 2023. The issue occurs when a DNS profile with Rapid Response Mode is enabled on a virtual server that also has hardware SYN cookies enabled (MITRE CVE).

The vulnerability is related to the Traffic Management Microkernel (TMM) termination when specific conditions are met. It has been assigned a CVSS v3.1 score of 7.5 (HIGH severity). The vulnerability is associated with CWE-476, which typically relates to NULL pointer dereference issues (NVD Results).

When successfully exploited, this vulnerability causes the Traffic Management Microkernel (TMM) to terminate, potentially leading to service disruption on affected BIG-IP systems (MITRE CVE).

The vulnerability has been addressed in various BIG-IP versions. Users should upgrade to version 17.0.0.2 or later for the 17.0.x branch, 16.1.3.3 or later for the 16.1.x branch, 15.1.8.1 or later for the 15.1.x branch, or 14.1.5.3 or later for the 14.1.x branch. Note that versions that have reached End of Technical Support (EoTS) are not evaluated (MITRE CVE).