CVE-2023-23555

Name of the Vulnerable Software and Affected Versions BIG-IP Virtual Edition versions 15.1.4 through 15.1.8 BIG-IP Virtual Edition versions 14.1.5 through 14.1.5.3 BIG-IP SPK versions 1.5.0 through 1.6.0

Description The issue is related to the Traffic Management Microkernel (TMM) terminating when undisclosed traffic is received and the FastL4 profile is configured on a virtual server. This can cause a denial of service. The vulnerability is also associated with incorrect initialization of a resource in BIG-IP Access Policy Manager and other BIG-IP software modules.

Recommendations For BIG-IP Virtual Edition versions 15.1.4 through 15.1.8, update to a version after 15.1.8 to resolve the issue. For BIG-IP Virtual Edition versions 14.1.5 through 14.1.5.3, update to a version after 14.1.5.3 to resolve the issue. For BIG-IP SPK versions 1.5.0 through 1.6.0, update to a version after 1.6.0 to resolve the issue. As a temporary workaround, consider disabling the FastL4 profile on virtual servers until a patch is available.