CVE-2024-28889

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.0.0

Description When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.

Recommendations For versions prior to 17.0.0, update to version 17.0.0 or later to resolve the issue. As a temporary workaround, consider configuring the SSL profile with the default alert timeout value to minimize the risk of TMM termination. Restrict access to virtual servers with non-default SSL profile configurations to reduce the attack surface.