F5 BIG-IP Traffic Management Microkernel Denial-of-Service Vulnerability via ePVA Feature
Vulnerability
A denial-of-service vulnerability has been identified in F5 BIG-IP systems when a virtual server, network address translation (NAT) object, or secure NAT (SNAT) object utilizes the embedded Packet Velocity Acceleration (ePVA) feature, and the 'Auto Last Hop' setting is disabled. Under these conditions, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to crash, disrupting services while the TMM process restarts. This issue affects BIG-IP versions 15.1.0 through 15.1.10, 16.1.0 through 16.1.6, and 17.1.0 through 17.1.2.
Impact
Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system: the TMM process terminates, disrupting active traffic. The TMM process restarts automatically, but the interruption can impact application availability.
Remediation
Users can upgrade to BIG-IP versions 15.1.10.8, 16.1.6.1, or 17.1.3 to address this vulnerability. For systems with high availability (HA) clustering, F5 recommends configuring the HA table to manage specific actions related to this vulnerability.
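An added example, not F5 tooling or code from this advisory: a Python triage of a device inventory against the version ranges and preconditions stated above. The hostnames, the inventory tuple layout and the status labels are assumptions, and builds between a stated range end and its fix (such as 15.1.10.7) are treated as affected.

```python
# Added example: triage of a BIG-IP inventory against this advisory (not F5 tooling).
# Ranges and fixed releases are copied from the advisory text above.
FIXED_IN = {            # branch -> (first affected, first fixed)
    (15, 1): ((15, 1, 0), (15, 1, 10, 8)),
    (16, 1): ((16, 1, 0), (16, 1, 6, 1)),
    (17, 1): ((17, 1, 0), (17, 1, 3)),
}

def parse_version(text):
    """'15.1.10.7' -> (15, 1, 10, 7), zero-padded to four fields."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"not a BIG-IP version: {text!r}")
    return parts + (0,) * (4 - len(parts))

def triage(version, uses_epva, auto_last_hop_disabled):
    """Return (status, upgrade_target) for one device."""
    v = parse_version(version)
    bounds = FIXED_IN.get(v[:2])
    if bounds is None:
        return ("not-listed", None)       # branch not covered by the advisory
    first, fixed = (b + (0,) * (4 - len(b)) for b in bounds)
    # Assumption: builds between the stated range end and the fix
    # (e.g. 15.1.10.7) are treated as affected.
    if not (first <= v < fixed):
        return ("fixed", None)
    target = ".".join(str(n) for n in bounds[1])
    if uses_epva and auto_last_hop_disabled:
        return ("exposed", target)        # both advisory conditions hold
    return ("affected-version", target)   # in range, conditions not met

# Constructed inventory: (version, ePVA in use, Auto Last Hop disabled).
INVENTORY = {
    "lb-edge-01": ("15.1.10.7", True, True),
    "lb-edge-02": ("16.1.6", True, False),
    "lb-core-01": ("17.1.3", True, True),
    "lb-lab-01": ("14.1.5", True, True),
}

def triage_inventory(inventory=INVENTORY):
    """Map each hostname to its (status, upgrade_target) pair."""
    return {host: triage(*facts) for host, facts in inventory.items()}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory().items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```

A "not-listed" result means only that the advisory text does not name that branch; it says nothing about whether the branch is vulnerable.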
