
CVE-2022-41806: CWE-400 Uncontrolled Resource Consumption in F5 BIG-IP AFM

Severity: High
Tags: Vulnerability, CVE-2022-41806, CWE-400
Published: Wed Oct 19 2022 (10/19/2022, 21:22:58 UTC)
Source: CVE
Vendor/Project: F5
Product: BIG-IP AFM

Description

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.

AI-Powered Analysis

Last updated: 07/05/2025, 04:39:50 UTC

Technical Analysis

CVE-2022-41806 is a high-severity vulnerability affecting F5 BIG-IP Advanced Firewall Manager (AFM) versions 16.1.x prior to 16.1.3.2 and 15.1.x prior to 15.1.5.1. The vulnerability arises when a Network Address Translation (NAT) policy with IPv6/IPv4 translation rules is configured on a virtual server. Under these conditions, specially crafted or undisclosed requests can trigger uncontrolled resource consumption, specifically an increase in memory usage on the affected system. This behavior aligns with CWE-400 (uncontrolled resource consumption or resource exhaustion). The vulnerability does not directly impact confidentiality or integrity, but it severely impacts availability: memory exhaustion can lead to denial-of-service (DoS) conditions. The CVSS 3.1 base score is 7.5 (high), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and an impact limited to availability (A:H). There are no known exploits in the wild as of the published date. The vulnerability is particularly relevant for organizations using F5 BIG-IP AFM with IPv6/IPv4 NAT configurations, as memory exhaustion can degrade or disrupt firewall operations, potentially leading to service outages or a degraded network security posture.

Potential Impact

For European organizations, the impact of CVE-2022-41806 can be significant, especially for those relying on F5 BIG-IP AFM devices to protect critical network infrastructure. The memory exhaustion can lead to denial of service, causing firewall failures or degraded performance, which in turn can expose networks to further attacks or disrupt business-critical services. Given the increasing adoption of IPv6 alongside IPv4 in Europe, organizations utilizing IPv6/IPv4 translation rules in their NAT policies are particularly at risk. Disruptions in firewall functionality can affect confidentiality indirectly by enabling attackers to bypass security controls during downtime. The impact is heightened for sectors with stringent availability requirements such as finance, healthcare, telecommunications, and government agencies. Additionally, the lack of required privileges or user interaction for exploitation means attackers can remotely trigger the vulnerability, increasing the risk of widespread disruption.

Mitigation Recommendations

To mitigate CVE-2022-41806, European organizations should prioritize updating affected F5 BIG-IP AFM devices to versions 16.1.3.2 or later and 15.1.5.1 or later, where the vulnerability has been addressed. Until patches are applied, organizations should review and potentially disable or limit the use of IPv6/IPv4 translation rules in NAT policies on virtual servers to reduce exposure. Network administrators should implement strict network segmentation and access controls to restrict access to management interfaces and limit exposure of vulnerable services to untrusted networks. Monitoring memory utilization and setting up alerts for abnormal resource consumption on BIG-IP devices can provide early warning signs of exploitation attempts. Additionally, deploying rate limiting or traffic filtering to block suspicious or malformed requests targeting NAT policies may reduce the risk. Regularly reviewing F5 security advisories and subscribing to vendor notifications will ensure timely awareness of updates and mitigations.
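The memory-monitoring recommendation above can be turned into a concrete early-warning check. The following is an added example (not F5 code and not part of the advisory): it takes a series of memory-utilisation samples from a device and raises an alert either when utilisation crosses a hard ceiling or when it climbs monotonically by more than a set amount over a short window, which is the signature of unbounded memory growth rather than normal load fluctuation. How the samples are collected (SNMP, the device CLI, a telemetry pipeline) is outside the example; the sample values and the thresholds are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    ts: int            # collection time, epoch seconds (constructed)
    used_pct: float    # memory in use as a percentage of total


def detect_memory_exhaustion(samples: List[Sample], window: int = 3,
                             growth_pct: float = 10.0,
                             ceiling_pct: float = 90.0) -> Optional[int]:
    """Return the index of the first sample that should raise an alert, or
    None if the series looks healthy.

    Alert conditions (thresholds are assumptions, not vendor guidance):
      1. utilisation at or above ceiling_pct, or
      2. utilisation rose by at least growth_pct across the last `window`
         samples without a single dip in between (a monotonic climb).
    Condition 2 is what catches a leak early: ordinary traffic makes memory
    wobble up and down, while uncontrolled consumption only goes up.
    """
    for i, s in enumerate(samples):
        if s.used_pct >= ceiling_pct:
            return i
        if i >= window:
            segment = samples[i - window:i + 1]
            monotonic = all(segment[k].used_pct <= segment[k + 1].used_pct
                            for k in range(len(segment) - 1))
            if monotonic and s.used_pct - segment[0].used_pct >= growth_pct:
                return i
    return None


def describe_alert(samples: List[Sample], idx: Optional[int]) -> str:
    """Human-readable summary for an alerting pipeline."""
    if idx is None:
        return "memory utilisation within normal bounds"
    s = samples[idx]
    return f"ALERT at ts={s.ts}: memory at {s.used_pct:.1f}% (sample {idx})"


# Constructed series: a noisy baseline around 40%, then a steady climb.
LEAKING_SERIES = [Sample(1000 + 60 * i, v) for i, v in enumerate(
    [40, 41, 40, 42, 41, 40, 44, 48, 53, 59, 66, 74, 83, 92])]

# Constructed series: the same kind of noise with no sustained growth.
HEALTHY_SERIES = [Sample(1000 + 60 * i, v) for i, v in enumerate(
    [40, 41, 40, 42, 41, 40, 43, 42])]

if __name__ == "__main__":
    print(describe_alert(LEAKING_SERIES, detect_memory_exhaustion(LEAKING_SERIES)))
    print(describe_alert(HEALTHY_SERIES, detect_memory_exhaustion(HEALTHY_SERIES)))
```

With the default window of three samples and a 10-point growth threshold, the leaking series alerts at the 53% reading, well before the device is actually short of memory; the ceiling check remains as a backstop for a sudden jump that the trend rule would not see in time.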


Technical Details

Data Version
5.1
Assigner Short Name
f5
Date Reserved
2022-09-30T00:00:00.000Z
CISA Enriched
true
CVSS Version
3.1
State
PUBLISHED

Threat ID: 682d9818c4522896dcbd80e2

Added to database: 5/21/2025, 9:08:40 AM

Last enriched: 7/5/2025, 4:39:50 AM

Last updated: 7/29/2025, 12:57:37 AM
