F5 Networks BIG-IP : TMM vulnerability (K16248201)
High Nessus Plugin ID 118634
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionIf an MPTCP connection receives a HUDCTL_ABORT while the initial flow is not the primary flow, the initial flow will remain after the MP_FASTCLOSE procedure is complete. TMM may restart and produce a core file as a result of this condition.(CVE-2018-15318)
The BIG-IP system temporarily fails to process traffic as it recovers from a Traffic Management Microkernel (TMM) restart, and devices configured in a device group may fail over.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K16248201.