F5 BIG-IP SSL Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP Virtual Edition (VE) and certain BIG-IP hardware platforms. When an SSL profile is active on a virtual server without Intel QuickAssist Technology (QAT), or on hardware platforms with the crypto.hwacceleration database variable set to disabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. The termination causes a temporary outage while the TMM process restarts.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the BIG-IP system by disrupting traffic management processes, leading to a temporary outage until the affected process can be restarted.

Remediation

To address this vulnerability, users can enable crypto hardware acceleration by setting the crypto.hwacceleration database variable to 'enable'. For BIG-IP Next for Kubernetes users, upgrading to version 2.2.0 is recommended. Consult the F5 BIG-IP hotfix and point release matrix for guidance on managing BIG-IP product hotfixes.

Added: May 13, 2026, 6:12 PM
Updated: May 13, 2026, 6:12 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 7.6
remediation: 8.3
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.