PT-2020-18816 · F5 · F5 Big-Ip

Published: 2020-08-26 · Updated: 2021-07-21 · CVE-2020-5918

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.6.1 through 11.6.5.1
F5 BIG-IP versions 12.1.0 through 12.1.5.1
F5 BIG-IP versions 13.1.0 through 13.1.3.3
F5 BIG-IP versions 14.1.0 through 14.1.2.3
F5 BIG-IP versions 15.0.0 through 15.0.1.3
F5 BIG-IP versions 15.1.0 through 15.1.0.4

Description

The issue arises when the Traffic Management Microkernel (TMM) processes Stream Control Transmission Protocol (SCTP) traffic at high volumes, potentially causing TMM to stop responding. This occurs in configurations where a virtual server is set up with an SCTP profile.

Recommendations

For versions 11.6.1 through 11.6.5.1, consider disabling the SCTP profile on virtual servers to mitigate the risk.
For versions 12.1.0 through 12.1.5.1, restrict the volume of SCTP traffic to prevent TMM from stopping.
For versions 13.1.0 through 13.1.3.3, avoid using SCTP profiles on virtual servers until a fix is available.
For versions 14.1.0 through 14.1.2.3, limit the use of virtual servers configured with SCTP profiles.
For versions 15.0.0 through 15.0.1.3, temporarily disable SCTP traffic processing.
For versions 15.1.0 through 15.1.0.4, consider applying configuration changes to reduce the impact of high SCTP traffic volumes.

Fix


Related Identifiers

CVE-2020-5918

Affected Products

F5 Big-Ip