Lucene search
F5F5:K000133467HistoryOct 10, 2023 - 12:00 a.m.
K000133467 : BIG-IP HTTP/2 vulnerability CVE-2023-40534
2023-10-1000:00:00
my.f5.com
12
big-ip
http/2
vulnerability
cve-2023-40534
tmm
termination
undisclosed requests
denial-of-service
dos
data plane
attacker
remote
Security Advisory Description
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server. TMM can also terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled, regardless of the presence of the iRule. (CVE-2023-40534)
Impact
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Related
cnvd
cnvd
F5 BIG-IP HTTP/2 Denial of Service Vulnerability
2023-10-11 00:00:00
prion
prion
Design/Logic Flaw
2023-10-10 13:15:00
cvelist
cvelist
CVE-2023-40534 BIG-IP HTTP/2 vulnerability
2023-10-10 12:32:37
cve
cve
CVE-2023-40534
2023-10-10 13:15:20
nessus
nessus
F5 Networks BIG-IP HTTP/2 DoS (K000133467)
2023-10-13 00:00:00
nvd
nvd
CVE-2023-40534
2023-10-10 13:15:20
vulnrichment
vulnrichment
CVE-2023-40534 BIG-IP HTTP/2 vulnerability
2023-10-10 12:32:37
f5
f5
K000137053 : Overview of F5 vulnerabilities (October 2023)
2023-10-10 00:00:00