F5 BIG-IP Memory Resource Exhaustion Vulnerability Leading to Denial-of-Service
Vulnerability
A vulnerability exists in F5 BIG-IP systems when SNMP versions 1 or 2c are disabled. Under these conditions, certain undisclosed requests can cause increased memory usage, leading to degraded system performance. This issue can cause the 'snmpd' process to require a manual or forced restart. The vulnerability allows remote, unauthenticated attackers to create a denial-of-service condition on the BIG-IP system, potentially impacting traffic management.
Impact
Exploitation of this vulnerability causes a degradation of system performance, leading to a denial-of-service condition on the BIG-IP system. This issue affects the control plane, which may have repercussions on data plane traffic handling.
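A way to watch for the symptom described above, sustained growth in 'snmpd' memory followed by a restart, written as an added example that is not from F5 or from this advisory. It assumes resident memory is sampled about once a minute (for instance with `ps -C snmpd -o pid=,rss=`); the sample values, window and thresholds are constructed for illustration.

```python
# Constructed samples: (epoch_seconds, pid, rss_kb) for snmpd, as would be
# gathered once a minute with `ps -C snmpd -o pid=,rss=`. Not real BIG-IP data.
SAMPLES = [
    (0, 4120, 18200), (60, 4120, 18260), (120, 4120, 18190),
    (180, 4120, 18240),                      # steady baseline
    (240, 4120, 21900), (300, 4120, 26100), (360, 4120, 30500),
    (420, 4120, 35200), (480, 4120, 39800),  # sustained climb
    (540, 7733, 18100), (600, 7733, 18150),  # new PID: snmpd was restarted
]

def slope_kb_per_min(points):
    """Least-squares slope of RSS over time, in KB per minute."""
    n = len(points)
    mean_t = sum(t for t, _ in points) / n
    mean_r = sum(r for _, r in points) / n
    var_t = sum((t - mean_t) ** 2 for t, _ in points)
    if var_t == 0:
        return 0.0
    cov = sum((t - mean_t) * (r - mean_r) for t, r in points)
    return cov / var_t * 60

def analyze(samples, window=5, min_slope=1000.0, min_growth=0.25):
    """Return (timestamp, kind, detail) alerts for RSS growth and restarts.

    window, min_slope and min_growth are assumed tuning values, not vendor
    guidance; set them from the device's own baseline.
    """
    alerts, series, last_pid = [], [], None
    for ts, pid, rss in sorted(samples):
        if last_pid is not None and pid != last_pid:
            alerts.append((ts, "restart", f"pid {last_pid} -> {pid}"))
            series = []          # a new process starts a new baseline
        last_pid = pid
        series.append((ts, rss))
        recent = series[-window:]
        if len(recent) < window:
            continue
        slope = slope_kb_per_min(recent)
        growth = (recent[-1][1] - recent[0][1]) / recent[0][1]
        # Require both a steep trend and a large relative rise, so a single
        # noisy sample on a flat baseline does not raise an alert.
        if slope >= min_slope and growth >= min_growth:
            alerts.append((ts, "growth", f"{slope:.0f} KB/min, +{growth:.0%}"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLES):
        print(alert)
```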
Remediation
To address this vulnerability, SNMP can be re-enabled on the BIG-IP system. After re-enabling SNMP, it is recommended to restrict access to the SNMP ports over the management interface. Additionally, configuring BIG-IP systems with high availability can help mitigate the impact of this vulnerability.
