F5 Networks BIG-IP : TMM vulnerability (K43625118)
Medium Nessus Plugin ID 118661
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAn attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application loadbalanced by a virtual server with an SSL profile until tmm is restarted. (CVE-2018-15317)
The vulnerability allows remote attackers to cause a denial-of-service (DoS) on the BIG-IP system.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K43625118.