F5 BIG-IP Devices Vulnerable to DDoS Attacks Due to Undisclosed Query Issues

CVE: CVE-2024-21763
CVSS (v3.1): 7.5
Source: CVE-2024-21763

F5 BIG-IP application firewall and delivery controller devices are prone to denial-of-service (DoS) attacks if certain configurations are enabled.

The vulnerability affects the Traffic Management Microkernel (TMM) component, which is responsible for load balancing and traffic steering. When the BIG-IP Advanced Firewall Manager (AFM) device’s DDoS protection or profiles have the “NXDOMAIN attack vector” and “bad actor detection” options turned on, undisclosed DNS queries can cause the TMM to crash.

Attackers could exploit this by crafting malicious DNS requests that would not be blocked by the configuration, overloading system resources and preventing legitimate users from accessing protected websites and applications.

If you use F5 BIG-IP devices, make sure to check your AFM configurations and disable the “NXDOMAIN attack vector” and “bad actor detection” settings if they are not required. Keeping your BIG-IP software up to date with the latest patches also helps mitigate any known issues. Contact F5 support if you need help assessing your vulnerability.

Simple steps such as reviewing your security configurations and applying updates can help shore up defenses against DDoS threats targeting this widely used load balancing and traffic management solution.
