PT-2017-9196 · F5 · Psm+9

Published

2017-05-11

Updated

2019-06-06

CVE-2016-7476

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe versions 11.3.0 through 11.4.1 HF9 F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe versions 11.5.0 through 11.5.3 HF1 F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe versions 11.6.0 through 11.6.0 HF5

Description The issue is related to a memory leak in the Traffic Management Microkernel (TMM) when handling certain types of TCP traffic. This can be exploited by remote attackers to cause a denial of service (DoS) using a crafted TCP packet.

Recommendations For versions 11.3.0 through 11.4.1 HF9, update to version 11.4.1 HF10 or later. For versions 11.5.0 through 11.5.3 HF1, update to version 11.5.3 HF2 or later. For versions 11.6.0 through 11.6.0 HF5, update to version 11.6.0 HF6 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-7476

Affected Products

Aam

Afm

Apm

Asm

Big-Ip Ltm

Gtm

Link Controller

Pem

Psm

Websafe

PT-2017-9196 · F5 · Psm+9

CVE-2016-7476

Weakness Enumeration

Related Identifiers

Affected Products

References · 5