12-Jul-2022 19:25
15-Jul-2022 06:58
@Dave_Pisarek - I'll ask around - assuming you haven't already heard back from anyone on this.
15-Jul-2022 07:37
I have not received any updates just yet.
15-Jul-2022 16:21
A couple of folks took a look around and we don't see anything official or otherwise. Odd.
I recommend opening a support case at https://support.f5.com/csp/home and requesting an escalation to the ASM Rules Team so that an official and authoritative answer is provided.
It would be great to have any resulting KB article linked here too.
Hope that helps.
Lief
20-Jul-2022 08:37
I'd agree with Lief - reading up on this CVE, it seems to be a Java deserialization gadget accessible prior to authentication. On that basis it's quite likely that there are existing ASM signatures which would trigger during exploitation, but your best route to get that confirmed is by opening a case with the Support organisation who will be able to escalate to the dedicated Threat Research team.
For what it's worth, I looked to see if any other customers had asked the question which would have resulted in an escalation, but there are zero references to that CVE that I can find.
I also couldn't find a good end-to-end PoC; the original writeup points to exploitation via chaining CVE-2022-21445 with a second CVE (from 2020), but they don't reveal the requests they make, only the end results.
24-Aug-2022 02:01
Sorry, I forgot to keep an eye on this until I saw your reply here.
Signature 200104810 was released for this CVE on August 4th.