Primary

Context

F5 BIG-IP SIP Profile Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when a Session Initiation Protocol (SIP) profile is active on a virtual server. Undisclosed traffic can lead to the termination of the Traffic Management Microkernel (TMM) process, causing a disruption as TMM restarts. This issue allows remote, unauthenticated attackers to disrupt traffic on the BIG-IP system.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by disrupting traffic management processes, leading to temporary service unavailability.

Remediation

Users can upgrade to BIG-IP versions 21.0.0.2, 17.5.1.6, or 17.1.3.2 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: May 13, 2026, 6:17 PM

Updated: May 13, 2026, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.9

relevance

8.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.9

relevance

8.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

F5 BIG-IP SIP Profile Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

F5 BIG-IP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating