F5 Networks BIG-IP : TMM WebSocket vulnerability (K11718033)
High Nessus Plugin ID 118630
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionIn some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service (DoS) or possible remote code execution on the BIG-IP system. (CVE-2018-5504)
This vulnerability allowsunauthorized remote code execution and disruption of service through an unspecified crafted WebSocket packet.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K11718033.