F5:K37451543
History: Mar 19, 2021 - 12:00 a.m.

K37451543 : TMM vulnerability CVE-2021-23007

2021-03-19 00:00:00
my.f5.com

CVSS3: 5.3 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: LOW
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 6.5 Medium
  Confidence: High

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
  Percentile: 43.0%

Security Advisory Description

When the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. (CVE-2021-23007)

Impact

TMM incorrectly determines that the fragment memory limit has been reached and drops all fragments it receives, disrupting traffic to the BIG-IP system.

You can determine if your system is impacted by running the tmctl ip_stat command from the BIG-IP command line and reviewing the output for an unusually large value in the frag_bytes_used column for a given TMM. You may observe that some TMM processes have high values and others do not. For example:

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  46406517             508                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  44739031             217                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  39322744         8404728                    8404628 18446744073709547072

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  33528060        15659496                   15659334 18446744073709547072

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  46712180             157                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  38912369        10588696                   10588558 18446744073709547072
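
One way to automate the check described above, as an added example that is not part of F5's advisory: it parses tmctl ip_stat output and flags every table whose frag_bytes_used value is implausibly large. The threshold, the function names and the signed reading of the counter are assumptions of this example; the sample value 18446744073709547072 equals 2^64 - 4544.

```python
U64 = 1 << 64
# Assumption: "unusually large" means the top half of the unsigned 64-bit range.
SUSPECT_FLOOR = 1 << 63

HEADER = "rx_frag rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used"
# Sample input rebuilt from the six data rows in the advisory's example output.
SAMPLE = "\n\n".join(
    f"{HEADER}\n{'-' * len(HEADER)}\n{row}"
    for row in (
        "46406517 508 0 0",
        "44739031 217 0 0",
        "39322744 8404728 8404628 18446744073709547072",
        "33528060 15659496 15659334 18446744073709547072",
        "46712180 157 0 0",
        "38912369 10588696 10588558 18446744073709547072",
    )
)


def parse_ip_stat(text):
    """Return one dict per table: a header line, a dashed rule, one data row."""
    rows, header = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields or set(line) <= set("- "):
            continue  # blank line or dashed rule
        if not fields[0].isdigit():
            header = fields  # column names for the rows that follow
        elif header is None or len(fields) != len(header):
            raise ValueError(f"unexpected ip_stat row: {line!r}")
        else:
            rows.append(dict(zip(header, map(int, fields))))
    return rows


def find_affected(text):
    """Flag tables whose frag_bytes_used is implausibly large."""
    findings = []
    for position, row in enumerate(parse_ip_stat(text)):
        used = row["frag_bytes_used"]
        if used >= SUSPECT_FLOOR:
            # "table" is the order of appearance in the output (0-based);
            # "as_signed_64" is the same bit pattern read as a signed integer.
            findings.append({"table": position, "frag_bytes_used": used,
                             "as_signed_64": used - U64,
                             "limit_errors": row["err_frag_mem_limit_reached"]})
    return findings


if __name__ == "__main__":
    for finding in find_affected(SAMPLE):
        print(finding)
```

On the advisory's sample, the flagged tables are also the only ones with a non-zero err_frag_mem_limit_reached count.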
