F5 Networks BIG-IP : TMOS vulnerability (K49440608)
High Nessus Plugin ID 118671
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
When a specifically configured virtual server receives traffic of an
undisclosed nature, the Traffic Management Microkernel (TMM) will
crash and take the configured failover action, potentially causing a
denial of service. The configuration that exposes this issue is not
common and in general does not work when enabled in previous versions
of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration
that exposes this issue is enabled and the virtual server receives
non-TCP traffic. With the fix of this issue, additional configuration
validation logic has been added to prevent this configuration from
being applied to a virtual server. (CVE-2018-5509)
This vulnerability allows for a remote disruption of service.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5