PT-2020-18756 · F5 · Big-Ip
Published: 2020-01-14 · Updated: 2020-02-05 · CVE-2020-5852
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions with specific engineering hotfixes, including Hotfix-BIGIP-14.1.2.1.0.83.4-ENG, Hotfix-BIGIP-12.1.4.1.0.97.6-ENG, and Hotfix-BIGIP-11.5.4.2.74.291-HF2
Description
Undisclosed traffic patterns may disrupt service to the Traffic Management Microkernel (TMM) when a virtual server is configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes and does not affect any of the BIG-IP major, minor, or maintenance releases obtained from downloads.f5.com.
Recommendations
For Hotfix-BIGIP-14.1.2.1.0.83.4-ENG, consider applying a configuration change to avoid using the FastL4 profile on virtual servers to minimize disruption.
For Hotfix-BIGIP-12.1.4.1.0.97.6-ENG, restrict the traffic patterns received by the TMM to prevent service disruption.
For Hotfix-BIGIP-11.5.4.2.74.291-HF2, as a temporary workaround, consider disabling the virtual server configured with the FastL4 profile until a fix is available.
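To scope the workarounds above, the following added example (not F5's or this advisory's own code) lists the virtual servers that reference a FastL4 profile, including custom profiles of that type, from configuration text in bigip.conf stanza syntax. The sample configuration and every object name in it are constructed; the parser assumes full-path profile names and no braces inside quoted strings.

```python
import re

# Constructed sample in bigip.conf stanza syntax (not taken from the advisory).
SAMPLE_CONF = """\
ltm profile fastl4 /Common/custom_l4 {
    defaults-from /Common/fastL4
}
ltm virtual /Common/vs_fast {
    destination /Common/10.0.0.10:443
    profiles {
        /Common/custom_l4 { }
    }
}
ltm virtual /Common/vs_http {
    profiles {
        /Common/http { }
        /Common/tcp { }
    }
}
ltm virtual /Common/vs_builtin {
    profiles {
        /Common/fastL4 { }
    }
}
"""

def _body(text, start):
    """Return the text from `start` up to the brace that closes the open block."""
    depth, i = 1, start
    while depth and i < len(text):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def stanzas(text, header):
    """Yield (name, body) for each '<header> [name] { ... }' stanza in text."""
    pattern = r"^\s*%s(?: (\S+))? \{" % re.escape(header)
    for m in re.finditer(pattern, text, re.M):
        yield m.group(1), _body(text, m.end())

def fastl4_virtuals(conf):
    """Map each virtual server to the FastL4 profiles it references."""
    # The built-in profile is defined outside bigip.conf, so seed it explicitly.
    fast = {"/Common/fastL4"} | {n for n, _ in stanzas(conf, "ltm profile fastl4")}
    hits = {}
    for vs, body in stanzas(conf, "ltm virtual"):
        for _, profiles in stanzas(body, "profiles"):
            used = [p for p in re.findall(r"^\s*(\S+) \{", profiles, re.M) if p in fast]
            if used:
                hits[vs] = used
    return hits
```

Calling `fastl4_virtuals()` on the text of a device's configuration returns only the virtual servers relevant to the FastL4 condition described above; an empty result means no virtual server in that text references a FastL4 profile.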
Fix
Related Identifiers
Affected Products
Big-Ip