Primary

Context

F5 BIG-IP TMM Denial-of-Service Vulnerability in AWS Virtual Editions

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP Virtual Edition (VE) instances running versions 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2. When these instances process specially crafted traffic with the default 'xnet' driver, they may experience a Traffic Management Microkernel (TMM) restart. This issue does not affect BIG-IP VEs in other virtual environments or hardware appliances.

Impact

Exploitation of this vulnerability can lead to a TMM process restart, causing a denial-of-service condition on the affected BIG-IP VE system.

Remediation

Users can upgrade to BIG-IP versions 15.1.0 or 14.1.2.3 to address this vulnerability. For guidance on managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: Mar 11, 2026, 6:53 PM

Updated: Mar 11, 2026, 6:53 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP TMM Denial-of-Service Vulnerability in AWS Virtual Editions

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating