BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. (CVE-2019-6683)
Impact
This vulnerability is present only on BIG-IP Virtual Edition (VE) systems with limited bandwidth licenses. BIG-IP VE products with unlimited bandwidth are not affected.
Memory usage increases and will trigger aggressive sweeper until exhaustion. In the** /var/log/ltm** file, affected systems log Inet port exhaustion log messages.
Traffic processing is disrupted while the Traffic Management Microkernel (TMM) restarts. If the affected F5 device is configured as part of a device group, the system triggers a failover to the peer device.