
[CIVN-2026-0074] Denial of Service (DoS) vulnerability in F5 BIG-IP Advanced WAF and ASM
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
BIG-IP Advanced WAF/ASM version 17.1.0 – 17.1.2
Overview
A vulnerability has been reported in F5 BIG-IP WAF and ASM that could allow an unauthenticated attacker to disrupt system availability by triggering an unexpected termination of the bd process under specific conditions.
Target Audience:
Enterprise IT Departments, Network Administrators and Security Professionals, Cloud and DevOps Teams, Web Application Developers, Service Providers and Managed Service Providers, Security Operations Teams, CIOs and IT Leaders.
Risk Assessment:
Critical risks on confidentiality, integrity, and availability of the systems.
Impact Assessment:
Unauthorized access to sensitive information, compromise of integrity and confidentiality.
Description
F5 BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) are security components designed to protect web applications by inspecting and controlling application-layer traffic, helping organizations prevent common web-based attacks and maintain the availability, integrity, and security of critical applications.
A vulnerability exists in F5 BIG-IP Advanced Web Application Firewall (WAF) or Application Security Manager (ASM) security policies. Under specific undisclosed request conditions and circumstances beyond an attacker's control, the bd process can unexpectedly terminate.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system.
Solution
Apply appropriate security updates as mentioned in:
https://my.f5.com/manage/s/article/K000158072
Vendor Information
F5
https://my.f5.com/manage/s/article/K000158072
References
F5
https://my.f5.com/manage/s/article/K000158072
CVE Name
CVE-2026-22548
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


