TMM vulnerability CVE-2021-23011

Question

what does this mean ?and how to check this ?

The Traffic Management Microkernel (TMM) generates a core file and restarts. When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device.

jaikumar_f5 · Answer

From the article - https://support.f5.com/csp/article/K10751325, here's what i understand.

A specially crafted traffic when sent to the application, may start to consume much memory & leading it to trigger tmm restart followed by core log generation.

When this happens, all the tmm traffic would be dropped & interfaces go down & come back up.

So this is basically a DDOS attack.

At present, there's no disclosure of this exploit in the internet.

the_blue · Answer

so how to check this " When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device." ?and it seems we have to upgrade the system to fix this vulnerability.

jaikumar_f5 · Answer

This means Active-Standby setup. The easiest way would be to login to the devices, do you see Active - In Sync or Active - Standalone.&nbsp;&nbsp;

Forum Discussion

TMM vulnerability CVE-2021-23011

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Phishing, Malware and Spyware Campaign, BRUTED Tool & CISA’s List Of Exploited Vulnerabilities

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Coordinated Vulnerability Disclosure: A Balanced Approach

OWASP Automated Threats - OAT-014 Vulnerability Scanning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS