F5 BIG-IP DNS Cache Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when a DNS profile with caching enabled is active on a virtual server. Undisclosed traffic can disrupt the Traffic Management Microkernel (TMM), causing it to terminate and disrupt service. This issue affects BIG-IP versions 21.0.0, 17.5.0 through 17.5.1, and 17.1.0 through 17.1.3, as well as BIG-IP Next for Kubernetes. BIG-IQ Centralized Management, F5 Distributed Cloud services, and NGINX One Console are not vulnerable.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the TMM process to terminate and disrupt traffic until it restarts.

Remediation

Users can upgrade to BIG-IP versions 21.0.0.1, 17.5.1.6, or 17.1.3.2 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.