F5 BIG-IP
Easy fix5 remedies
cpe:2.3:h:f5:big-ip_10050s:*:*:*:*:*:*:*, +3 more
Easy fix5 remedies
- >= 17.1.0, <= 17.1.1
- >= 16.1.0, <= 16.1.5
- >= 15.1.0, <= 15.1.10
F5 BIG-IP and BIG-IQ Uncontrolled Resource Consumption Vulnerability Leading to Denial-of-Service
Vulnerability
Patched
A vulnerability exists in F5 BIG-IP systems with Client SSL or Server SSL profiles configured on a Virtual Server, or where DNSSEC signing operations are active. Undisclosed traffic can cause excessive memory and CPU usage, degrading system performance. This issue affects BIG-IP versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.5, and 17.1.0 to 17.1.1. The vulnerability allows a remote, unauthenticated attacker to disrupt services, potentially causing a denial-of-service condition on the BIG-IP system.
Impact
Exploitation of this vulnerability leads to a degradation of system performance, causing the Traffic Management Microkernel (TMM) process to either crash or require a manual restart. This issue creates a denial-of-service condition on the affected BIG-IP system.
Remediation
F5 has released engineering hotfixes for this vulnerability. These hotfixes can be downloaded from the MyF5 Downloads page. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
2.5exploitability
7.6remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.