F5 BIG-IP PEM Control Plane Listener Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP systems running versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.4, and 17.1.0 through 17.1.1. When the PEM Control Plane Listener virtual server is configured with a Diameter Endpoint profile, certain undisclosed traffic can disrupt the virtual server's ability to process new client connections. This issue also leads to increased memory usage. As a result, the Traffic Management Microkernel (TMM) process may need to be manually restarted, causing temporary traffic disruption and a high availability failover, if configured.

Impact

Exploitation of this vulnerability causes the BIG-IP system to stop processing new client connections on affected PEM control and data plane virtual servers, leading to a denial-of-service condition. The disruption persists until the TMM process is restarted, either manually or through a high availability failover, if configured.

Remediation

Users can upgrade to BIG-IP versions 15.1.10.6.0.11.6, 16.1.5, or 17.1.2 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.