F5 BIG-IP Denial-of-Service Vulnerability in SIP ALG Profiles on Message Routing Virtual Servers

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when SIP Session and Router Application Layer Gateway profiles are active on a Message Routing type virtual server. Undisclosed traffic can lead to the termination of the Traffic Management Microkernel (TMM) process, causing a disruption as TMM restarts. This issue affects BIG-IP versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.4, and 17.1.0 to 17.1.1. Notably, this vulnerability allows remote, unauthenticated attackers to cause a TMM process crash, with no control plane exposure, making it a data plane issue only.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system by disrupting traffic management processes, which can lead to service interruptions.

Remediation

Users can upgrade to BIG-IP versions 15.1.11, 16.1.5, or 17.1.2 to address this vulnerability. For BIG-IP 15.x, the hotfix-BIGIP-15.1.10.6.0.11.6-ENG.iso is available. F5 recommends configuring BIG-IP systems with high availability to mitigate the impact of this vulnerability.