A vulnerability in F5 BIG-IP software versions 13.0.0 and 12.1.0 - 12.1.2 could lead to a Denial of Service (DoS) attack by causing a Traffic Management Microkernel (TMM) restart.
Understanding CVE-2017-6138
This CVE involves malicious requests impacting virtual servers with an HTTP profile in specific versions of F5 BIG-IP software.
What is CVE-2017-6138?
The vulnerability allows attackers to trigger a TMM restart by sending malicious requests to virtual servers with an HTTP profile in affected F5 BIG-IP software versions.
The Impact of CVE-2017-6138
The issue results in a Denial of Service (DoS) condition due to the TMM restart caused by the malicious requests.
Technical Details of CVE-2017-6138
This section provides more in-depth technical insights into the vulnerability.
Vulnerability Description
The problem occurs in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe software versions 13.0.0 and 12.1.0 - 12.1.2. Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.
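A defender's exposure check for the two conditions described above (an affected version and a virtual server with an HTTP profile), as an added example that is not from F5 or the original page. It assumes configuration text in bigip.conf stanza style with full-path object names; the function names and the sample configuration are constructed for illustration.

```python
import re

# Versions the page lists as affected: 13.0.0 and 12.1.0 - 12.1.2.
AFFECTED = {(13, 0, 0), (12, 1, 0), (12, 1, 1), (12, 1, 2)}

def is_affected_version(version):
    """Compare major.minor.maintenance only (assumption: hotfix level ignored)."""
    nums = [int(p) for p in version.strip().split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums))) in AFFECTED

def stanzas(conf):
    """Yield (header_tokens, body) per top-level stanza; quoted braces unsupported."""
    depth, header, body = 0, None, []
    for line in conf.splitlines():
        if depth == 0 and "{" in line:
            header, body = line.split("{", 1)[0].split(), []
        elif depth > 0:
            body.append(line)
        depth += line.count("{") - line.count("}")
        if depth == 0 and header:
            yield header, "\n".join(body)
            header = None

def exposed_virtuals(version, conf):
    """Names of virtual servers that attach an HTTP profile on an affected version."""
    found = list(stanzas(conf)) if is_affected_version(version) else []
    # /Common/http is the built-in profile; custom HTTP profiles appear as stanzas.
    http = {"/Common/http"} | {h[3] for h, _ in found
                               if h[:3] == ["ltm", "profile", "http"] and len(h) == 4}
    return [h[2] for h, body in found
            if h[:2] == ["ltm", "virtual"] and len(h) == 3
            and http & set(re.findall(r"(\S+)\s*\{", body))]

# Constructed sample in bigip.conf style (object names are made up).
SAMPLE_CONF = """\
ltm profile http /Common/custom_http {
    defaults-from /Common/http
}
ltm virtual /Common/vs_web {
    profiles {
        /Common/custom_http { }
        /Common/tcp { }
    }
}
ltm virtual /Common/vs_ssh {
    profiles {
        /Common/tcp { }
    }
}
"""
```

Calling `exposed_virtuals("12.1.2", SAMPLE_CONF)` returns only `/Common/vs_web`; the same configuration on a version outside the listed range returns an empty list.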
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
To address CVE-2017-6138, follow these mitigation strategies:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates