F5 Networks BIG-IP : BIG-IP APM VPN vulnerability (K20087443)
High Nessus Plugin ID 118601
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionIn some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a 'flow not in use' assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. (CVE-2017-6129)
An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
Note : BIG-IP and BIG-IP Virtual Edition (VE) systems that are licensed with the BIG-IP LTM module include a free perpetual license for the BIG-IP APM Lite module. The BIG-IP LTM module is not affected by this vulnerability; however, BIG-IP LTM systems provisioned with the BIG-IP APM Lite module may be vulnerable. For more information about the BIG-IP APM Lite perpetual license, refer to K15854: BIG-IP APM Lite.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K20087443.