F5 BIG-IP APM PingAccess Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP APM when a virtual server is configured to use a PingAccess profile. Undisclosed requests can lead to the termination of the Traffic Management Microkernel (TMM) process, causing a disruption in traffic as TMM restarts. This issue affects BIG-IP versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.5, and 17.1.0 through 17.1.2.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system by disrupting traffic management processes, which can lead to temporary service outages.

Remediation

Users can upgrade to BIG-IP versions 15.1.10.7.0.4.5, 16.1.6, or 17.1.2.2 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the MyF5 article K13123.