CVE-2022-23028

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name	Vendor	Start Version	End Version
Big-ip_advanced_firewall_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_advanced_firewall_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_advanced_firewall_manager	F5	15.1.0 (including)	15.1.4 (including)

Potential Mitigations

Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

References

https://support.f5.com/csp/article/K16101409

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23028
CWE	https://cwe.mitre.org/data/definitions/682.html

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References