CVE-2023-22323
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/02/2023
Last modified:
07/11/2023
Description
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.<br />
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.5 (including) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.5.3 (excluding) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 15.1.0 (including) | 15.1.8.1 (excluding) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 16.1.0 (including) | 16.1.3.3 (excluding) |
| cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 17.0.0 (including) | 17.0.0.2 (excluding) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.5 (including) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.5.3 (excluding) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 15.1.0 (including) | 15.1.8.1 (excluding) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 16.1.0 (including) | 16.1.3.3 (excluding) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 17.0.0 (including) | 17.0.0.2 (excluding) |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.5 (including) |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.5.3 (excluding) |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 15.1.0 (including) | 15.1.8.1 (excluding) |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 16.1.0 (including) | 16.1.3.3 (excluding) |
| cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 17.0.0 (including) | 17.0.0.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



