PT-2016-1625 · F5 · Aam+7

Published: 2016-01-12 · Updated: 2016-01-15 · CVE-2015-7759

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 12.0.0 through 12.0.0 before HF1

Description

The issue is in the Congestion Metrics Cache feature of the TCP profile for a virtual server and is connected to Path MTU (PMTU) discovery. Because of insufficient input validation, a remote attacker can send specially crafted ICMP packets to cause a denial of service (Traffic Management Microkernel (TMM) restart).

Recommendations

For BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 12.0.0 through 12.0.0 before HF1, consider disabling the Congestion Metrics Cache feature in the TCP profile for virtual servers as a temporary workaround until a patch is available. Restrict access to the vulnerable systems to minimize the risk of exploitation. Apply the HF1 patch to resolve the issue.

Fix

RCE


Weakness Enumeration

Related identifiers

BDU:2016-00936
CVE-2015-7759

Affected products

Aam
Afm
Apm
Asm
Analytics
Big-Ip Ltm
Link Controller
Pem