CVE-2022-41983 | ByteOS Network

Vulnerability Details :

CVE-2022-41983

Assigner-f5

Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab

Published At-19 Oct, 2022 | 21:26

Updated At-08 May, 2025 | 18:08

BIG-IP TMM Vulnerability CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:f5

Assigner Org ID:9dacffd4-cb11-413f-8451-fbbfd4ddc0ab

Published At:19 Oct, 2022 | 21:26

Updated At:08 May, 2025 | 18:08

▼CVE Numbering Authority (CNA)

BIG-IP TMM Vulnerability CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

Affected Products

Vendor

Product

Versions

Affected

From 16.1.x before 16.1.3.1 (custom)
From 15.1.x before 15.1.7 (custom)
From 14.1.x before 14.1.5.1 (custom)
From 13.1.0 before 13.1.x* (custom)

Unaffected

From 17.0.0 before 17.0.x* (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-319	CWE-319 Cleartext Transmission of Sensitive Information

Type: CWE

CWE ID: CWE-319

Description: CWE-319 Cleartext Transmission of Sensitive Information

Metrics

Version	Base score	Base severity	Vector
3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Credits

This issue was discovered internally by F5.

References

Hyperlink	Resource
https://support.f5.com/csp/article/K31523465	N/A

Hyperlink: https://support.f5.com/csp/article/K31523465

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://support.f5.com/csp/article/K31523465	x_transferred

Hyperlink: https://support.f5.com/csp/article/K31523465

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:f5sirt@f5.com

Published At:19 Oct, 2022 | 22:15

Updated At:24 Oct, 2022 | 15:57

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

>>big-ip_access_policy_manager>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_access_policy_manager>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_firewall_manager>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

>>big-ip_advanced_web_application_firewall>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

>>big-ip_advanced_web_application_firewall>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

>>big-ip_advanced_web_application_firewall>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

>>big-ip_advanced_web_application_firewall>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_analytics>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_acceleration_manager>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_security_manager>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

>>big-ip_application_visibility_and_reporting>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*

>>big-ip_application_visibility_and_reporting>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*

>>big-ip_application_visibility_and_reporting>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*

>>big-ip_application_visibility_and_reporting>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*

>>big-ip_carrier-grade_nat>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*

>>big-ip_carrier-grade_nat>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*

>>big-ip_carrier-grade_nat>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*

>>big-ip_carrier-grade_nat>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*

>>big-ip_ddos_hybrid_defender>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

>>big-ip_ddos_hybrid_defender>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

>>big-ip_ddos_hybrid_defender>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

>>big-ip_ddos_hybrid_defender>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_domain_name_system>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 15.1.0(inclusive) to 15.1.7(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_edge_gateway>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*

>>big-ip_fraud_protection_service>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

>>big-ip_fraud_protection_service>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

>>big-ip_fraud_protection_service>>Versions from 15.1.0(inclusive) to 15.1.6(exclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

>>big-ip_fraud_protection_service>>Versions from 16.1.0(inclusive) to 16.1.3.1(exclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

>>big-ip_global_traffic_manager>>Versions from 13.1.0(inclusive) to 13.1.5(inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

>>big-ip_global_traffic_manager>>Versions from 14.1.0(inclusive) to 14.1.5.1(exclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-319	Primary	f5sirt@f5.com

CWE ID: CWE-319

Type: Primary

Source: f5sirt@f5.com

References

Hyperlink	Source	Resource
https://support.f5.com/csp/article/K31523465	f5sirt@f5.com	Mitigation Vendor Advisory

Hyperlink: https://support.f5.com/csp/article/K31523465

Source: f5sirt@f5.com

Resource:

Mitigation

Vendor Advisory