F5 BIG-IP Advanced WAF/ASM BADoS Vulnerability Leading to Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in F5 BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.4, and 17.1.0 through 17.1.1. When the Behavioral DoS (BADoS) TLS Signatures feature is enabled, undisclosed traffic can cause memory utilization to grow excessively. The resulting resource exhaustion degrades system performance and can cause the admd or Traffic Management Microkernel (TMM) process to crash or to require a manual restart. The issue is reachable only when that feature is enabled.
Impact
Successful exploitation degrades service on the BIG-IP system: the admd or Traffic Management Microkernel (TMM) process crashes or must be restarted manually. Because TMM handles the system's traffic, this is an availability impact on the data plane, not merely on the management plane.
Remediation
Upgrade to BIG-IP 15.1.10.6.0.11.6, 16.1.5, or 17.1.2 (or a later release in the same branch) to address this vulnerability. Because the issue is triggered only when BADoS TLS Signatures is enabled, disabling that feature on an affected version removes the trigger until the upgrade can be scheduled. For more information about managing BIG-IP product hotfixes, refer to F5 article K13123.
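As an added example (not F5's code and not part of this advisory), the following Python script turns the version ranges above into a check a practitioner can run against the output of `tmsh show sys version`. The `tmsh` output embedded in it is a constructed sample that only imitates the layout of the real command; the release strings are taken verbatim from this page; and the rule that any release in an affected branch that sorts below the listed fixed release is unpatched is the example's own assumption.

```python
"""Added example (not F5's code): classify a BIG-IP version against the affected
ranges and fixed releases quoted in this advisory, and extract the version from
constructed 'tmsh show sys version' output.  Version strings are parsed as
dotted integers and compared as tuples; the fixed-release strings are taken
verbatim from the advisory text."""
import re
from typing import Optional, Tuple

# Per major.minor branch: (start of affected range, first fixed release),
# exactly as listed in the advisory.
ADVISORY = {
    (15, 1): ("15.1.0", "15.1.10.6.0.11.6"),
    (16, 1): ("16.1.0", "16.1.5"),
    (17, 1): ("17.1.0", "17.1.2"),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Leading dotted-integer prefix of a version string, as a tuple of ints.
    '17.1.1' -> (17, 1, 1); '16.1.4.1' -> (16, 1, 4, 1)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(version: str, bados_tls_signatures_enabled: bool = True) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_release).

    status is one of:
      'affected'           vulnerable release and the triggering feature is on
      'not_exposed'        vulnerable release, but BADoS TLS Signatures is off
      'fixed'              at or above the fixed release for this branch
      'unaffected_branch'  major.minor not listed in the advisory
    Assumption (this example's, not the advisory's): within a listed branch a
    release is affected iff start <= version < fixed release.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch not in ADVISORY:
        return ("unaffected_branch", None)
    start_s, fixed_s = ADVISORY[branch]
    start, fixed = parse_version(start_s), parse_version(fixed_s)
    if v >= fixed:
        return ("fixed", fixed_s)
    if v < start:  # cannot happen for x.y.0 floors; kept for completeness
        return ("unaffected_branch", None)
    if not bados_tls_signatures_enabled:
        return ("not_exposed", fixed_s)
    return ("affected", fixed_s)


# Constructed sample of `tmsh show sys version` output (layout only; not
# captured from a real device).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     17.1.1
  Build       0.0.3
  Edition     Final
  Date        Wed Aug  9 00:54:33 PDT 2023
"""


def version_from_tmsh_output(text: str) -> Optional[str]:
    """Extract the 'Version' field of the Main Package section.
    The anchored regex skips the 'Sys::Version' banner line."""
    m = re.search(r"^\s*Version\s+(\d+(?:\.\d+)+)\s*$", text, re.M)
    return m.group(1) if m else None


if __name__ == "__main__":
    ver = version_from_tmsh_output(SAMPLE_TMSH_OUTPUT)
    for v, enabled in [(ver, True), (ver, False), ("16.1.5", True), ("14.1.5", True)]:
        print(f"{v} bados_tls_signatures={enabled} -> {assess(v, enabled)}")
```

The fixed release for the 15.1 branch is used exactly as printed on this page, so the check treats every 15.1.x release that sorts below it, including 15.1.10.6, as unpatched; compare against the identifier your F5 hotfix listing actually reports before acting on the result. The `bados_tls_signatures_enabled` flag is an input you supply from the DoS profile configuration; the script does not read it from the device.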
