September 22, 2023

F5 patches nearly 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Total of 23 security flaws were addressed in the BIG-IP application delivery controller (ADC), including 13 high-severity issues, all of which carry a CVSS score of 7.5.

The majority of the high-severity bugs can result in the termination of the Traffic Management Microkernel (TMM). Ohers will lead to increase in memory resource utilization, virtual server freezes, or JavaScript code execution.


The security defects were identified in multiple BIG-IP versions, ranging from 11.x to 16.x. Fixes were included in versions 14.x, 15.x, and 16.x.

F5 also patched two high-severity errors, in BIG-IQ centralized management (CVE-2022-23009 with CVSS score of 8.0 and NGINX controller API management CVE-2022-23008 with CVSS score of 8.7.

Nine medium-severity vulnerabilities patched affects BIG-IP, but one of them is CVE-2022-23023, leading to increased memory resource utilization impacts BIG-IQ as well.


The flaws lead to TMM termination, increase in resource utilization, virtual server freezes, failure of certain types of TCP connections, or the leak of local files. F5 too patched one low-severity vulnerability leading to a DNS rebinding attack.

Leave a Reply

%d bloggers like this: