Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Apr 30, 2021

TMM vulnerability CVE-2021-23011

what does this mean ?and how to check this ?

The Traffic Management Microkernel (TMM) generates a core file and restarts. When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device.

 

3 Replies

  • From the article - https://support.f5.com/csp/article/K10751325, here's what i understand.

    A specially crafted traffic when sent to the application, may start to consume much memory & leading it to trigger tmm restart followed by core log generation.

     

    When this happens, all the tmm traffic would be dropped & interfaces go down & come back up.

    So this is basically a DDOS attack.

     

    At present, there's no disclosure of this exploit in the internet.

  • so how to check this " When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device." ?

    and it seems we have to upgrade the system to fix this vulnerability.

    • This means Active-Standby setup.

      The easiest way would be to login to the devices, do you see Active - In Sync or Active - Standalone.