PT-2016-6223 · F5+1 · F5 Big-Ip Apm+16

Published: 2016-09-07 · Updated: 2019-06-06 · CVE-2016-5022

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller versions 11.2.x through 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x through 11.5.4 HF1, 11.6.x through 11.6.1 HF0, and 12.x through 12.0.0 HF2
F5 BIG-IP AAM, AFM, and PEM versions 11.4.x, 11.5.x through 11.5.4 HF1, 11.6.x through 11.6.1 HF0, and 12.x through 12.0.0 HF2
F5 BIG-IP DNS versions 12.x through 12.0.0 HF2
F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.2.x through 11.2.1 HF15 and 11.3.0
F5 BIG-IP GTM versions 11.2.x through 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x through 11.5.4 HF1, and 11.6.x through 11.6.1 HF0
F5 BIG-IP PSM versions 11.2.x through 11.2.1 HF15, 11.3.x, and 11.4.0 through 11.4.1
Enterprise Manager version 3.1.1
BIG-IQ Cloud and Security versions 4.0.0 through 4.5.0
BIG-IQ Device versions 4.2.0 through 4.5.0
BIG-IQ ADC version 4.5.0
BIG-IQ Centralized Management version 5.0.0
BIG-IQ Cloud and Orchestration version 1.0.0
iWorkflow version 2.0.0

Description

The issue allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic when Packet Filtering is enabled on virtual servers and possibly self IP addresses.

Recommendations

For F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller versions 11.2.x through 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x through 11.5.4 HF1, 11.6.x through 11.6.1 HF0, and 12.x through 12.0.0 HF2, update to a version outside of these ranges.
For F5 BIG-IP AAM, AFM, and PEM versions 11.4.x, 11.5.x through 11.5.4 HF1, 11.6.x through 11.6.1 HF0, and 12.x through 12.0.0 HF2, update to a version outside of these ranges.
For F5 BIG-IP DNS versions 12.x through 12.0.0 HF2, update to a version outside of this range.
For F5 BIG-IP Edge Gateway, WebAccelerator, and WOM versions 11.2.x through 11.2.1 HF15 and 11.3.0, update to a version outside of these ranges.
For F5 BIG-IP GTM versions 11.2.x through 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x through 11.5.4 HF1, and 11.6.x through 11.6.1 HF0, update to a version outside of these ranges.
For F5 BIG-IP PSM versions 11.2.x through 11.2.1 HF15, 11.3.x, and 11.4.0 through 11.4.1, update to a version outside of these ranges.
For Enterprise Manager version 3.1.1, update to a version outside of this range.
For BIG-IQ Cloud and Security versions 4.0.0 through 4.5.0, update to a version outside of this range.
For BIG-IQ Device versions 4.2.0 through 4.5.0, update to a version outside of this range.
For BIG-IQ ADC version 4.5.0, update to a version outside of this range.
For BIG-IQ Centralized Management version 5.0.0, update to a version outside of this range.
For BIG-IQ Cloud and Orchestration version 1.0.0, update to a version outside of this range.
For iWorkflow version 2.0.0, update to a version outside of this range.

As a temporary workaround, consider disabling Packet Filtering on virtual servers and self IP addresses until a patch is available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-5022

Affected Products

BIG-IQ ADC
BIG-IQ Centralized Management
BIG-IQ Cloud/Orchestration
BIG-IQ Cloud/Security
BIG-IQ Device
Enterprise Manager
F5 BIG-IP APM
F5 BIG-IP Analytics
F5 BIG-IP DNS
F5 BIG-IP Edge Gateway
F5 BIG-IP GTM
F5 BIG-IP LTM
F5 BIG-IP Link Controller
F5 BIG-IP PEM
F5 BIG-IP WOM
F5 BIG-IP WebAccelerator
iWorkflow