F5 BIG-IP and BIG-IP Next Denial-of-Service Vulnerability via SCTP Profile

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP and BIG-IP Next when a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server. Undisclosed requests can cause memory usage to grow until system performance degrades, and the degradation can force the Traffic Management Microkernel (TMM) process to restart, either automatically or manually. Only the data plane is affected; the control plane is not exposed.

Impact

Exploitation degrades performance to the point of a denial-of-service condition on the BIG-IP system. The decline can require a manual restart of the Traffic Management Microkernel (TMM) process or trigger an automatic one.

Remediation

Upgrade BIG-IP to version 15.1.9, 16.1.4, or 17.1.1. For BIG-IP Next, versions 1.3.0 or 20.2.1 are recommended. F5 also advises deploying BIG-IP in a high-availability configuration to limit the impact of a TMM restart.
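To turn the two conditions above (an SCTP profile on a virtual server, and a software version below the listed fixed releases) into a repeatable check, here is an added example that is not part of the advisory or any F5 tooling. It parses text in the shape of `tmsh list ltm virtual` output (the sample is constructed and the exact format is an assumption) and compares a version string against the fixed versions named in the remediation section; branches not listed there are reported as unknown rather than guessed.

```python
import re

# Constructed sample shaped like `tmsh list ltm virtual` output (format assumed, not
# captured from a device). One SCTP virtual and one ordinary HTTPS virtual.
SAMPLE_TMSH = """\
ltm virtual /Common/vs_sctp_diameter {
    destination /Common/10.0.0.10:3868
    ip-protocol sctp
    mask 255.255.255.255
    profiles {
        /Common/sctp { }
    }
    source 0.0.0.0/0
}
ltm virtual /Common/vs_https {
    destination /Common/10.0.0.20:443
    ip-protocol tcp
    profiles {
        /Common/clientssl { context clientside }
        /Common/http { }
        /Common/tcp { }
    }
}
"""

# Fixed releases from the advisory, keyed by major.minor branch.
FIXED_VERSIONS = {(15, 1): (15, 1, 9), (16, 1): (16, 1, 4), (17, 1): (17, 1, 1)}

def parse_version(text):
    """'17.1.0.2' -> (17, 1, 0); only the first three components are compared."""
    return tuple(int(p) for p in text.strip().split(".")[:3])

def is_fixed(version):
    """True/False for the listed branches, None when the branch is not in the advisory."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    return None if fixed is None else v >= fixed

def sctp_virtual_servers(tmsh_output):
    """Names of virtual servers using SCTP: ip-protocol sctp or a profile path ending in /sctp.
    Matching on the profile name is a heuristic; custom SCTP profiles may be named differently."""
    hits = []
    for m in re.finditer(r"^ltm virtual (\S+) \{\n(.*?)^\}", tmsh_output, re.S | re.M):
        name, body = m.group(1), m.group(2)
        if re.search(r"^\s*ip-protocol sctp\b", body, re.M) or re.search(r"/sctp\s*\{", body):
            hits.append(name)
    return hits

def assess(version, tmsh_output):
    """Combine version status and exposed virtual servers into one finding."""
    return {"fixed": is_fixed(version), "sctp_virtuals": sctp_virtual_servers(tmsh_output)}

if __name__ == "__main__":
    print(assess("17.1.0", SAMPLE_TMSH))
```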

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          2.2
impact          2.5
exploitability  7.6
remediation     8.3
relevance       0.0
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.