F5 BIG-IP AFM
Easy fix5 remedies
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*
Easy fix5 remedies
- >= 17.1.0, <= 17.1.1
- >= 16.1.0, <= 16.1.5
- >= 15.1.0, <= 15.1.10
F5 BIG-IP AFM CPU Resource Exhaustion Vulnerability Leading to Denial-of-Service
Vulnerability
Patched
A vulnerability exists in F5 BIG-IP Application Firewall Manager (AFM) when the Intrusion Prevention System (IPS) module is active and a protocol inspection profile is applied to a virtual server, firewall rule, or policy. Under these conditions, certain undisclosed traffic can cause a significant increase in CPU usage. This CPU exhaustion can degrade system performance, potentially causing the Traffic Management Microkernel (TMM) process to crash or require a manual restart. The issue represents a data plane problem, with no exposure to the control plane.
Impact
Exploitation of this vulnerability can lead to a denial-of-service condition on the BIG-IP system, causing the TMM process to become unresponsive and requiring a restart.
Remediation
Users can upgrade to BIG-IP versions 17.1.2, 16.1.6, or 15.1.10.6.0.11.6 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
7.0remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.