K05043394: TMM vulnerability CVE-2021-23036
Security Advisory Description When a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2021-23036 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remot...
K95434410: TMM vulnerability CVE-2019-6629
Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...
K14632915: TMM vulnerability CVE-2019-6603
Security Advisory Description Malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. CVE-2019-6603 Impact This vulnerability...
K43450419: TMM vulnerability CVE-2020-5871
Security Advisory Description Undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
K06747393: TMM vulnerability CVE-2019-6677
Security Advisory Description Under certain conditions, when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule. CVE-2019-6677 Impact The Traffic Management Microkernel (TMM) may generate a core file and restart, causing a traffic...
K35408374: BIG-IP compression driver vulnerability CVE-2021-23044
Security Advisory Description When the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2021-23044 Impact Traffic is disrupted whi...
K05314769: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23033
Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23033 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the...
K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992
Security Advisory Description A malicious HTTP response to an Advanced WAF/ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise...
K51754851: BIG-IP system vulnerability CVE-2018-5512
Security Advisory Description When Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. CVE-2018-5512 Impact An attacker may be able to cause a disruption of service. Exposure to this vulnerability is limited to the data...
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
Security Advisory Description The iControl REST interface has an unauthenticated remote command execution vulnerability. CVE-2021-22986 Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and se...
K23465404: BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968
Security Advisory Description When an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. CVE-2022-33968 Impact If an attacker controls the server that handles monitor traffic or the APM SSO endpoint,...
K28405643: BIG-IP Message Routing MQTT vulnerability CVE-2022-35240
Security Advisory Description When the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-35240 Impact System performance can degrade until the TMM process is...
K90603426: TMM with HTTP/2 vulnerability (CVE-2021-23009)
Security Advisory Description Malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. CVE-2021-23009 Impact...
K96924184: BIG-IP HTTP profile vulnerability CVE-2022-23022
Security Advisory Description When an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-23022 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated...
K82034427: BIG-IP FTP profile vulnerability CVE-2022-26130
Security Advisory Description When an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. CVE-2022-26130 Impact Traffic is disrupted for active FTP data channel connections. Thi...
K19012930: TMM GTP vulnerability CVE-2021-23048
Security Advisory Description When GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2021-23048. Impact Traffic is disrupted while the TMM process restarts. Th...
K45320419: TMM with HTTP/2 vulnerability CVE-2018-5514
Security Advisory Description Maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. CVE-2018-5514 Impact The BIG-IP system may temporarily fail ...
K24358905: BIG-IP AFM virtual server vulnerability CVE-2022-23018
Security Advisory Description When a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-23018 Impact Traffic is disrupted while the TMM process restarts. This...
K47204506: BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836
Security Advisory Description When an "Attack Signature False Positive Mode" enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2022-41836 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a...
K31856317: BIG-IP Packet Filters vulnerability CVE-2022-27182
Security Advisory Description When BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-27182 Impact System performance can degrade until the process is either forced t...