When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. (CVE-2020-5935)
Impact
The Traffic Management Microkernel (TMM) may generate a core file and restart, causing a high availability (HA) failover event.
To trigger this issue, an associated iRule must call the following command:
MQTT::topic delete
To exploit this issue, an attacker must determine a vulnerable code-path through the associated iRule, which may require a significant amount of internal BIG-IP configuration knowledge.