CVE-2022-36795: CWE-682 Incorrect Calculation in F5 BIG-IP
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
AI Analysis
Technical Summary
CVE-2022-36795 is a medium-severity vulnerability affecting multiple versions of the F5 BIG-IP application delivery controller (ADC) platform, specifically versions 14.1.x before 14.1.5.1, 15.1.x before 15.1.7, 16.1.x before 16.1.3.1, and 17.0.x before 17.0.0.1. The vulnerability arises from an incorrect calculation (CWE-682) in the handling of TCP profiles configured with the Auto Receive Window feature enabled on virtual servers. When this feature is active, certain undisclosed traffic patterns can cause the affected BIG-IP virtual server to stop processing new client connections. This effectively results in a denial-of-service (DoS) condition, impacting the availability of services behind the BIG-IP device. The vulnerability does not impact confidentiality or integrity, and no authentication or user interaction is required to exploit it. The CVSS v3.1 base score is 5.3, reflecting a medium severity level, with the vector indicating a network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, though F5 typically releases patches for such issues. The root cause is an incorrect calculation in the TCP receive window handling logic which, when triggered by crafted traffic, causes the virtual server to cease accepting new connections, potentially disrupting critical application delivery functions.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those relying on F5 BIG-IP devices for load balancing, application delivery, and security functions. The denial-of-service condition can lead to service outages, affecting the availability of web applications, internal services, and customer-facing portals. This disruption can result in operational downtime, loss of revenue, and damage to reputation. Critical sectors such as finance, healthcare, telecommunications, and government agencies that depend on high availability and secure application delivery may face increased risk. Additionally, the inability to process new connections could be exploited as part of a larger attack strategy to cause cascading failures or to distract from other malicious activities. Although the vulnerability does not allow data theft or modification, the availability impact alone is sufficient to cause significant business disruption.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Immediately verify if their BIG-IP devices are running affected versions (14.1.x before 14.1.5.1, 15.1.x before 15.1.7, 16.1.x before 16.1.3.1, or 17.0.x before 17.0.0.1).
2) Disable the Auto Receive Window feature on LTM TCP profiles if it is not essential for their environment, as this feature is directly linked to the vulnerability.
3) If the feature is required, prioritize upgrading to the fixed versions provided by F5 as soon as patches become available.
4) Monitor network traffic for unusual patterns that could trigger the vulnerability, and implement rate limiting or filtering on suspicious traffic targeting the BIG-IP virtual servers.
5) Employ network segmentation and access controls to limit exposure of BIG-IP management and virtual server interfaces to untrusted networks.
6) Maintain up-to-date backups and incident response plans to quickly recover from potential service disruptions.
7) Engage with F5 support and subscribe to their security advisories for timely updates and patches.
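Step 1 is a version-range comparison that is easy to get wrong by hand across four branches (a 17.0.0 build is affected while 17.0.0.1 is not; 15.1.6.1 is affected while 15.1.7 is not). The following is an added example, not code from the advisory or from F5, that encodes the affected/fixed versions exactly as the advisory states them and applies the check to an inventory. The `tmsh show sys version` sample output is constructed for illustration, and the `-build` suffix handling is a defensive assumption about how versions may be recorded in an inventory, not something the advisory describes.

```python
"""Check whether reported BIG-IP versions fall in a CVE-2022-36795 affected range.

Added example (not from the advisory or F5). The branch/fixed-version pairs are
the ones the advisory text gives; sample inputs below are constructed.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Branch prefix -> first fixed version in that branch, per the advisory text.
# A version is affected if it is on one of these branches AND strictly lower
# than the fixed version. Branches not listed are not covered by the advisory,
# so the check returns False for them rather than guessing.
FIXED_BY_BRANCH = {
    (17, 0): (17, 0, 0, 1),
    (16, 1): (16, 1, 3, 1),
    (15, 1): (15, 1, 7),
    (14, 1): (14, 1, 5, 1),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.1.3.1' (optionally with a '-<build>' suffix, an assumption about
    inventory formats) into a tuple of ints for lexicographic comparison."""
    core = text.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised BIG-IP version string: {text!r}")
    return tuple(int(part) for part in core.split("."))


def is_affected(version: str) -> bool:
    """True if `version` is on an affected branch and below that branch's fix."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return False
    # Tuples compare lexicographically and a strict prefix is smaller, so
    # (17, 0, 0) < (17, 0, 0, 1) and (15, 1, 6, 1) < (15, 1, 7), as required.
    return v < fixed


def fixed_version_for(version: str) -> Optional[str]:
    """The first fixed version on this version's branch, or None if not covered."""
    fixed = FIXED_BY_BRANCH.get(parse_version(version)[:2])
    return ".".join(map(str, fixed)) if fixed else None


def version_from_tmsh(output: str) -> str:
    """Extract the 'Version' field from `tmsh show sys version` output.
    The 'Sys::Version' header line is skipped because it is not a bare field."""
    match = re.search(r"^\s*Version\s+(\S+)\s*$", output, re.MULTILINE)
    if not match:
        raise ValueError("no Version line found in tmsh output")
    return match.group(1)


# Constructed sample output in the layout of `tmsh show sys version`.
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3
  Build       0.0.12
  Edition     Final
"""


def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, Optional[str]]]:
    """From (hostname, version) pairs, return the affected ones with their fix target."""
    return [(host, ver, fixed_version_for(ver)) for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    ver = version_from_tmsh(SAMPLE_TMSH_OUTPUT)
    print(ver, "affected" if is_affected(ver) else "not affected")
    # Constructed inventory: hostnames are placeholders.
    inventory = [
        ("ltm-a", "14.1.5"), ("ltm-b", "14.1.5.1"), ("ltm-c", "15.1.6.1"),
        ("ltm-d", "17.0.0"), ("ltm-e", "16.1.4"), ("ltm-f", "13.1.5"),
    ]
    for host, current, target in triage(inventory):
        print(f"{host}: {current} -> upgrade to {target}")
```

Versions on branches the advisory does not name (such as 13.1.x in the sample) are reported as not affected by this check only because the advisory does not cover them, so they still need to be assessed against F5's own advisory rather than assumed safe.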
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: f5
- Date Reserved: 2022-09-30T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9818c4522896dcbd8241
Added to database: 5/21/2025, 9:08:40 AM
Last enriched: 7/5/2025, 5:11:45 AM
Last updated: 8/14/2025, 2:00:36 AM