F5 Networks BIG-IP : TMOS vulnerability (K49440608)
High Nessus Plugin ID 118671
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: When a specifically configured virtual server receives traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) will crash and take the configured failover action, potentially causing a denial of service. The configuration that exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration that exposes this issue is enabled and the virtual server receives non-TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. (CVE-2018-5509)
This vulnerability allows for a remote disruption of service.
Solution: Upgrade to one of the non-vulnerable versions listed in the F5 Solution K49440608.