F5 BIG-IP Data Plane Vulnerability Allowing Unauthorized Data Modification
Vulnerability
A vulnerability exists in F5 BIG-IP systems, where undisclosed traffic can lead to data corruption and unauthorized modification of data in protocols lacking message integrity protection. This issue allows remote, unauthenticated attackers to inject malicious data into active TCP connections without control plane exposure, affecting only the data plane.
Impact
Exploitation of this vulnerability could enable a remote, unauthenticated attacker to inject harmful data into active TCP connections that do not have message integrity protections, such as Transport Layer Security (TLS).
Remediation
To address this vulnerability, users should upgrade to a fixed version and enable the 'tm.tcpstopblindinjection' database variable, which is disabled by default. After enabling the variable, it is recommended to verify the change through the TMOS Shell. Additionally, ensure that TCP connections in the data plane are protected with protocols that provide message integrity, like TLS.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.