CVE-2020-27720

Name of the Vulnerable Software and Affected Versions BIG-IP LTM/CGNAT versions 13.1.0 through 13.1.3.5 BIG-IP LTM/CGNAT versions 14.1.0 through 14.1.3 BIG-IP LTM/CGNAT versions 15.1.0 through 15.1.0.5 BIG-IP LTM/CGNAT versions 16.0.0 through 16.0.0.1

Description The issue occurs when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128. An undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart.

Recommendations For BIG-IP LTM/CGNAT versions 13.1.0 through 13.1.3.5, consider updating the configuration to use the default dag-ipv6-prefix-len value of 128 or higher to prevent TMM restarts. For BIG-IP LTM/CGNAT versions 14.1.0 through 14.1.3, consider updating the configuration to use the default dag-ipv6-prefix-len value of 128 or higher to prevent TMM restarts. For BIG-IP LTM/CGNAT versions 15.1.0 through 15.1.0.5, consider updating the configuration to use the default dag-ipv6-prefix-len value of 128 or higher to prevent TMM restarts. For BIG-IP LTM/CGNAT versions 16.0.0 through 16.0.0.1, consider updating the configuration to use the default dag-ipv6-prefix-len value of 128 or higher to prevent TMM restarts.