F5 BIG-IP Users Beware: FastL4 Profile Vulnerability Allows Remote Termination of Traffic Management Microkernel

CVE: CVE-2023-23555
CVSS (v3.1): 7.5
Source: CVE-2023-23555

F5 Networks’ BIG-IP load balancers and firewalls are widely used networking devices that help manage traffic and security for many large organizations. Unfortunately, a vulnerability has been discovered that could allow unauthorized remote termination of a core component called the Traffic Management Microkernel (TMM).

The vulnerability exists in BIG-IP versions 15.1.x up to 15.1.7 and 14.1.x up to 14.1.5.2 when the FastL4 profile is configured on a virtual server. This profile is commonly used to load balance traffic at the TCP/UDP layer. By sending specially crafted traffic, an attacker could potentially cause the TMM process to crash, interrupting network traffic processing.

As the TMM manages core networking functions, its termination would seriously impact the availability of BIG-IP devices and any applications or servers behind them. This could range from a denial of service to potential remote code execution depending on the configuration.

F5 has addressed the issue in newer software versions, but any organizations running affected BIG-IP devices should immediately update to patch the vulnerability. Regular patching is also important to mitigate newly discovered threats. Proper network segmentation and access controls can help limit exposure or impact.
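To decide which devices need the update first, the two conditions described above (an affected software version and a FastL4 profile attached to a virtual server) can be checked offline against a saved configuration. The following is an added example, not F5 tooling or code from the original page; it assumes `bigip.conf` stanza syntax, and the sample configuration, object names and addresses are constructed.

```python
import re

# Affected ranges as stated on this page (inclusive upper bounds); confirm against F5's advisory.
AFFECTED = {(15, 1): (15, 1, 7), (14, 1): (14, 1, 5, 2)}

def version_affected(version):
    v = tuple(int(p) for p in version.split("."))
    upper = AFFECTED.get(v[:2])
    return upper is not None and v <= upper

def fastl4_virtuals(conf):
    """Map each virtual server to the FastL4-type profiles attached to it."""
    base = lambda name: name.rsplit("/", 1)[-1]  # compare without partition prefix
    # Built-in fastL4 plus every custom profile of type fastl4 defined in the config.
    fastl4 = {"fastL4"} | {base(n) for n in re.findall(r"^ltm profile fastl4 (\S+) \{", conf, re.M)}
    hits, virtual, depth = {}, None, 0
    for line in conf.splitlines():
        m = re.match(r"ltm virtual (\S+) \{", line)
        if m:
            virtual, depth = m.group(1), 0
        elif line.startswith("}"):  # end of a top-level stanza
            virtual = None
        elif virtual and depth == 0:
            depth = 1 if line.strip() == "profiles {" else 0
        elif virtual:  # inside the profiles block; names sit at depth 1
            tokens = line.split()
            if depth == 1 and tokens and base(tokens[0]) in fastl4:
                hits.setdefault(virtual, []).append(tokens[0])
            depth += line.count("{") - line.count("}")
    return hits

# Constructed sample in bigip.conf stanza syntax (names and addresses are made up).
SAMPLE_CONF = """\
ltm profile fastl4 /Common/fastl4_custom { }
ltm virtual /Common/vs_web {
    profiles {
        /Common/clientssl {
            context clientside
        }
    }
}
ltm virtual /Common/vs_l4 {
    destination /Common/192.0.2.20:5432
    profiles {
        /Common/fastl4_custom { }
    }
}
"""

if __name__ == "__main__":
    print(fastl4_virtuals(SAMPLE_CONF) if version_affected("15.1.7") else {})
```

A device is in scope for this advisory only when `version_affected` is true and `fastl4_virtuals` returns at least one virtual server; custom profiles derived from FastL4 are counted because they are declared with the same profile type.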

It’s a reminder that core infrastructure like load balancers must remain up to date to protect against exploitation through unknown vulnerabilities. Organizations should stay vigilant and take prompt action when new advisories are released.
