Date Published: 2021-09-30
QID 375902: F5 BIG-IP Application Security Manager (ASM) Traffic Management Microkernel (TMM) Vulnerability (K05043394)
F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
When a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2021-23036)
Vulnerable Component: BIG-IP ASM
16.0.0 - 126.96.36.199
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
- K05043394 - support.f5.com/csp/article/K05043394
CVEs related to QID 375902