CVE-2020-27724

Name of the Vulnerable Software and Affected Versions BIG-IP APM versions 11.6.1 through 11.6.5.2 BIG-IP APM versions 12.1.0 through 12.1.5.2 BIG-IP APM versions 13.1.0 through 13.1.3.4 BIG-IP APM versions 14.1.0 through 14.1.3 BIG-IP APM versions 15.0.0 through 15.0.1.3 BIG-IP APM versions 15.1.0 through 15.1.0.4 BIG-IP APM versions 16.0.0 through 16.0.0.1

Description On systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel.

Recommendations For BIG-IP APM versions 11.6.1 through 11.6.5.2, update to a version outside of this range to mitigate the risk. For BIG-IP APM versions 12.1.0 through 12.1.5.2, update to a version outside of this range to mitigate the risk. For BIG-IP APM versions 13.1.0 through 13.1.3.4, update to a version outside of this range to mitigate the risk. For BIG-IP APM versions 14.1.0 through 14.1.3, update to a version outside of this range to mitigate the risk. For BIG-IP APM versions 15.0.0 through 15.0.1.3, update to a version outside of this range to mitigate the risk. For BIG-IP APM versions 15.1.0 through 15.1.0.4, update to a version outside of this range to mitigate the risk. For BIG-IP APM versions 16.0.0 through 16.0.0.1, update to a version outside of this range to mitigate the risk.