What is CVE-2022-33203?

CVE-2022-33203 is a vulnerability in BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5 that can cause an increase in memory resource utilization when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server.

How severe is CVE-2022-33203?

CVE-2022-33203 has a high severity rating with a CVSS score of 7.5.

Which software versions are affected by CVE-2022-33203?

CVE-2022-33203 affects BIG-IP Access Policy Manager versions 14.1.x, 15.1.x, and 16.1.x, as well as BIG-IP SSL Orchestrator versions 14.1.x, 15.1.x, and 16.1.x.

What is the fix for CVE-2022-33203?

To fix CVE-2022-33203, update BIG-IP software to version 14.1.5, 15.1.6.1, or 16.1.3.

Where can I find more information about CVE-2022-33203?

More information about CVE-2022-33203 can be found at the following link: [https://support.f5.com/csp/article/K52534925]

Vulnerability/
CVE-2022-33203

high

7.5

CWE

400

4/8/2022

17/9/2024

CVE-2022-33203: BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203

First published: Thu Aug 04 2022(Updated: )

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 Big-ip Access Policy Manager	>=14.1.0<14.1.5
F5 Big-ip Access Policy Manager	>=15.1.0<15.1.6.1
F5 Big-ip Access Policy Manager	>=16.1.0<16.1.3
F5 Big-ip Ssl Orchestrator	>=14.1.0<14.1.5
F5 Big-ip Ssl Orchestrator	>=15.1.0<15.1.6.1
F5 Big-ip Ssl Orchestrator	>=16.1.0<16.1.3

Never miss a vulnerability like this again

Reference Links

https://support.f5.com/csp/article/K52534925

Frequently Asked Questions

What is CVE-2022-33203?
CVE-2022-33203 is a vulnerability in BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5 that can cause an increase in memory resource utilization when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server.
How severe is CVE-2022-33203?
CVE-2022-33203 has a high severity rating with a CVSS score of 7.5.
Which software versions are affected by CVE-2022-33203?
CVE-2022-33203 affects BIG-IP Access Policy Manager versions 14.1.x, 15.1.x, and 16.1.x, as well as BIG-IP SSL Orchestrator versions 14.1.x, 15.1.x, and 16.1.x.
What is the fix for CVE-2022-33203?
To fix CVE-2022-33203, update BIG-IP software to version 14.1.5, 15.1.6.1, or 16.1.3.
Where can I find more information about CVE-2022-33203?
More information about CVE-2022-33203 can be found at the following link: [https://support.f5.com/csp/article/K52534925]

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/title
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/f5
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/14.1.0
version/f5 big-ip access policy manager/15.1.0
version/f5 big-ip access policy manager/16.1.0
canonical/f5 big-ip ssl orchestrator
version/f5 big-ip ssl orchestrator/14.1.0
version/f5 big-ip ssl orchestrator/15.1.0
version/f5 big-ip ssl orchestrator/16.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.