F5 BIG-IP Traffic Management Microkernel Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in F5 BIG-IP systems when an HTTP profile with the Enforce RFC Compliance option is active on a virtual server. Under these conditions, certain undisclosed requests can lead to the termination of the Traffic Management Microkernel (TMM) process. This disruption causes a temporary outage as the TMM process restarts, allowing remote, unauthenticated attackers to interfere with traffic management operations.
Impact
Exploitation of this vulnerability disrupts traffic management by causing the TMM process to crash and restart, temporarily halting active connections and processes managed by TMM.
Remediation
Users can upgrade to BIG-IP versions 17.1.2, 16.1.5, or 20.1.0. For BIG-IP Next SPK and CNF, version 2.0.0 is recommended. F5 also suggests configuring systems with high availability to mitigate the impact of this vulnerability.
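To scope exposure before upgrading, an administrator wants two facts per system: which virtual servers carry an HTTP profile with RFC-compliance enforcement enabled (the precondition described above), and whether the running version is at or beyond the fixed release named for its branch. The following Python script is an added example, not F5's code or tooling. It parses text in the shape of `tmsh list ltm profile http` and `tmsh list ltm virtual` output (the sample embedded below is constructed, and the exact output layout is an assumption) and compares a version string against the fixed versions listed in the remediation; treating each listed version as the first fixed release on its major.minor branch, and reporting other branches as not covered, is likewise an assumption.

```python
"""Scope BIG-IP exposure to the TMM crash condition described in the advisory.

Added example, not F5's code. Parses tmsh-style object listings (constructed
sample below) and checks a version string against the advisory's fixed versions.
"""

# Fixed versions named in the advisory, keyed by major.minor branch.
# Assumption: each is the first fixed release on its branch.
FIXED_VERSIONS = {"17.1": (17, 1, 2), "16.1": (16, 1, 5), "20.1": (20, 1, 0)}

# Constructed sample in the shape of `tmsh list ltm profile http` and
# `tmsh list ltm virtual` output (layout is an assumption, not captured output).
SAMPLE_TMSH = """\
ltm profile http http_rfc {
    app-service none
    defaults-from http
    enforcement {
        rfc-compliance enabled
    }
    proxy-type reverse
}
ltm profile http http_plain {
    app-service none
    defaults-from http
    proxy-type reverse
}
ltm virtual vs_web {
    destination 10.0.0.10:80
    ip-protocol tcp
    profiles {
        http_rfc { }
        tcp { }
    }
}
ltm virtual vs_api {
    destination 10.0.0.11:80
    ip-protocol tcp
    profiles {
        http_plain { }
        tcp { }
    }
}
"""


def _parse_block(lines, i):
    """Parse lines from index i up to the closing brace; return (dict, next index)."""
    block = {}
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line:
            continue
        if line == "}":
            return block, i
        if line.endswith("{ }"):            # empty sub-block, e.g. "tcp { }"
            block[line[:-3].strip()] = {}
        elif line.endswith("{"):            # nested block, e.g. "enforcement {"
            sub, i = _parse_block(lines, i)
            block[line[:-1].strip()] = sub
        else:                               # "key value" pair
            key, _, value = line.partition(" ")
            block[key] = value
    return block, i


def parse_tmsh(text):
    """Map object kind ('ltm virtual', 'ltm profile http') -> {name: parsed body}."""
    objects = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("ltm ") and line.endswith("{"):
            kind, name = line[:-1].strip().rsplit(" ", 1)
            body, i = _parse_block(lines, i)
            objects.setdefault(kind, {})[name] = body
    return objects


def rfc_enforcing_profiles(objects):
    """Names of HTTP profiles whose enforcement block has rfc-compliance enabled."""
    profiles = objects.get("ltm profile http", {})
    return sorted(name for name, body in profiles.items()
                  if body.get("enforcement", {}).get("rfc-compliance") == "enabled")


def exposed_virtuals(objects):
    """Virtual servers that attach an RFC-enforcing HTTP profile: {vs: [profiles]}."""
    enforcing = set(rfc_enforcing_profiles(objects))
    exposed = {}
    for name, body in objects.get("ltm virtual", {}).items():
        hits = sorted(p for p in body.get("profiles", {}) if p in enforcing)
        if hits:
            exposed[name] = hits
    return exposed


def version_status(version):
    """'fixed', 'needs-upgrade', or 'not-covered' for a version string like '17.1.1'."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED_VERSIONS.get(f"{parts[0]}.{parts[1]}")
    if fixed is None:
        return "not-covered"        # branch not listed in the advisory's fix list
    return "fixed" if parts >= fixed else "needs-upgrade"


if __name__ == "__main__":
    objs = parse_tmsh(SAMPLE_TMSH)
    for vs, profs in exposed_virtuals(objs).items():
        print(f"{vs}: RFC enforcement enabled via {', '.join(profs)}")
    for v in ("17.1.1", "17.1.2", "16.1.5", "15.1.10"):
        print(v, "->", version_status(v))
```

Because a plain `tmsh list` shows only values that differ from the parent profile, a profile inheriting enforcement through `defaults-from` would be missed by this parser; listing with `all-properties` gives the effective values. A virtual server that has no RFC-enforcing profile is outside the condition the advisory describes, but the version check still applies to the whole system.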