Key Information

Vulnerability Description

CVE ID: CVE-2022-26370
Vulnerability Type: SIP MRF ALG profile vulnerability
Description: When a Session Initiation Protocol (SIP) Message Routing Framework (MRF) Application Layer Gateway (ALG) profile is configured on a message routing virtual server, an unpublicized request may cause the Traffic Management Microkernel (TMM) to terminate.
Impact: Causes a Denial of Service (DoS) on BIG-IP systems.
Vulnerability Classification: CWE-908: Use of Uninitialized Resource

Affected Products and Versions

BIG-IP (All Modules):
- 17.x: None (Fixes introduced in 17.0.0)
- 16.x: 16.1.0 - 16.1.2 (Fixes introduced in 16.1.2.2)
- 15.x: 15.1.0 - 15.1.4 (Fixes introduced in 15.1.5)
- 14.x: 14.1.0 - 14.1.4 (Fixes introduced in 14.1.4.6)
- 13.x: None (Not applicable)
- 12.x: None (Not applicable)
- 11.x: None (Not applicable)

BIG-IQ Centralized Management: 8.x, 7.x (Not vulnerable)
F5OS-A: 1.x (Not vulnerable)
F5OS-C: 1.x (Not vulnerable)
Traffix SDC: 5.x (Not vulnerable)

Risk Assessment

Severity: Medium
CVSSv3 Score: 5.9

Remediation and Mitigation

Recommended Action: Install the fixed version.
Mitigation Measures:
- Configure the BIG-IP system as a High Availability (HA) cluster.
- Configure HA tables to perform specific operations.

Discoverer

Internal Discovery
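
The affected and fixed BIG-IP versions listed above can be turned into a fleet triage check. The following is an added example, not code from F5 or from this advisory; the hostnames and inventory are constructed, and it assumes that any build on an affected branch below the stated fix version (including point releases such as 16.1.2.1) is vulnerable.

```python
# Added example (not F5 code): triage BIG-IP versions against this advisory.
# Assumption: on an affected branch, any build from the first listed version up
# to, but not including, the fix version is vulnerable (so 16.1.2.1 counts).

# (branch, first affected version, fix version), copied from the advisory text.
AFFECTED = [
    ((16, 1), "16.1.0", "16.1.2.2"),
    ((15, 1), "15.1.0", "15.1.5"),
    ((14, 1), "14.1.0", "14.1.4.6"),
]
NOT_APPLICABLE_MAJORS = {11, 12, 13}  # listed as "None (Not applicable)"

# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = {
    "bigip-a.example": "16.1.2.1",
    "bigip-b.example": "15.1.5",
    "bigip-c.example": "14.1.4",
    "bigip-d.example": "17.0.0",
    "bigip-e.example": "13.1.5",
}

def parse(version, width=4):
    """Turn '16.1.2.1' into (16, 1, 2, 1), zero-padded so tuples compare."""
    parts = version.strip().split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised version: %r" % version)
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))

def status(version):
    """Return (state, fix_version) for one BIG-IP version string."""
    v = parse(version)
    for branch, low, fixed in AFFECTED:
        if v[:2] == branch:
            state = "vulnerable" if parse(low) <= v < parse(fixed) else "fixed"
            return state, fixed
    if v[0] == 17:
        return "fixed", "17.0.0"
    if v[0] in NOT_APPLICABLE_MAJORS:
        return "not-applicable", None
    return "not-listed", None  # e.g. 16.0.x: the advisory makes no statement

def triage(inventory):
    """Return sorted (host, version, fix_version) for vulnerable hosts only."""
    return sorted((h, v, status(v)[1]) for h, v in inventory.items()
                  if status(v)[0] == "vulnerable")

if __name__ == "__main__":
    for host, version, fix in triage(INVENTORY):
        print("%s runs %s: upgrade to %s or later" % (host, version, fix))
```

A "vulnerable" result reflects the version only; the crash condition described above also requires a SIP MRF ALG profile on a message routing virtual server.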