F5 BIG-IP SSL/TLS Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in F5 BIG-IP systems when SSL profiles are applied to a virtual server. Undisclosed traffic can disrupt the virtual server's ability to handle new client connections, effectively causing a service outage for those connections. This issue is limited to the data plane and does not affect the control plane.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition on the affected BIG-IP virtual server, causing disruptions for new client connections.

Remediation

To address this vulnerability, upgrade to a fixed version. For BIG-IP Next SPK, versions 2.0.0 to 2.0.2 should be upgraded to 2.0.3. For BIG-IP Next CNF, version 1.4.0 should be upgraded to 1.4.1. For BIG-IP, versions 17.5.0 to 17.5.1 should be upgraded to 17.5.1.4, and versions 17.1.0 to 17.1.3 to 17.1.3.1. For BIG-IP versions 16.1.0 to 16.1.6, no update is currently available; users on that branch are advised to move to a version that contains the fix. Consult the F5 BIG-IP hotfix and point release matrix for more details.
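As an added example (not part of the advisory or any F5 tooling), the following script encodes the affected and fixed ranges listed above so an inventory of installed versions can be checked against them. It assumes that a range written "X to Y" also covers point releases beneath Y (for example 17.5.1.2 under 17.5.1), which is how the fixed version 17.5.1.4 relates to the range 17.5.0 to 17.5.1.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '17.1.3.1' into (17, 1, 3, 1); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class Branch:
    product: str
    low: str               # first affected version, inclusive
    high: str              # last affected version as printed in the advisory
    fixed: Optional[str]   # None where the advisory lists no fix yet


# Ranges exactly as stated in the advisory above; nothing here is invented.
ADVISORY = (
    Branch("BIG-IP Next SPK", "2.0.0", "2.0.2", "2.0.3"),
    Branch("BIG-IP Next CNF", "1.4.0", "1.4.0", "1.4.1"),
    Branch("BIG-IP", "17.5.0", "17.5.1", "17.5.1.4"),
    Branch("BIG-IP", "17.1.0", "17.1.3", "17.1.3.1"),
    Branch("BIG-IP", "16.1.0", "16.1.6", None),
)


def assess(product: str, version: str) -> dict:
    """Classify one installed version against the advisory's ranges."""
    v = parse_version(version)
    for b in ADVISORY:
        lo, hi = parse_version(b.low), parse_version(b.high)
        # Each advisory row covers one major.minor family (e.g. 17.5 or 17.1).
        if b.product != product or v[:2] != lo[:2]:
            continue
        if b.fixed is not None and v >= parse_version(b.fixed):
            return {"affected": False, "upgrade_to": None,
                    "reason": f"at or above fixed version {b.fixed}"}
        # Assumption: 'X to Y' includes point releases under Y (e.g. 17.5.1.2),
        # so the upper bound is compared only to the depth the advisory printed.
        if lo <= v and v[: len(hi)] <= hi:
            reason = f"upgrade to {b.fixed}" if b.fixed else "no fixed release yet"
            return {"affected": True, "upgrade_to": b.fixed, "reason": reason}
    return {"affected": False, "upgrade_to": None,
            "reason": "version outside the advisory's ranges"}
```

A version on the 16.1 branch comes back as affected with no upgrade target, which is the case that needs a tracked exception rather than a patch ticket.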

Added: May 13, 2026, 6:11 PM
Updated: May 13, 2026, 6:11 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.