Intrusion PreventionF5.BIG-IP.TMM.URI.Normalization.Buffer.Overflow
Description
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in F5 BIG-IP Traffic Management Microkernel (TMM).
The vulnerability is due to an input validation error when normalizing invalid IPv6 hostnames. A remote attacker may be able to exploit this to execute arbitrary code or lead to a denial of service condition within the context of the application, via a crafted HTTP request.
Outbreak Alert
The 2 most critical vulnerabilities allow a remote attacker with access to the user interface (or REST API via the user interface) to gain full control of the system and execute arbitrary system commands, create or delete files, and disable services. The most critical is unauthenticated. Exploitation can lead to complete system compromise. The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaws.
Affected Products
BIG-IP 16.0.0-16.0.1
BIG-IP 15.1.0-15.1.2
BIG-IP 14.1.0-14.1.3
BIG-IP 13.1.0-13.1.3
BIG-IP 12.1.0-12.1.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.f5.com/csp/article/K56715231
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-05-29 | 28.795 |
Modified
|
Name:F5. BIG. IP. TMM. URI. Normalization. Buffer. Overflow:F5. BIG-IP. TMM. URI. Normalization. Buffer. Overflow |
| 2021-04-01 | 18.050 |
Modified
|
Default_action:pass:drop |
| 2021-03-22 | 18.042 |
Modified
|
Sig Added |
| 2021-03-17 | 18.039 |
New
|
|
| 2021-03-17 | 18.038 |
Removed
|
|
| 2021-03-17 | 18.037 |
New
|
