cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

TMM vulnerability CVE-2021-23011

THE_BLUE
Cirrus
Cirrus

what does this mean ?and how to check this ?

The Traffic Management Microkernel (TMM) generates a core file and restarts. When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device.

 

3 REPLIES 3

From the article - https://support.f5.com/csp/article/K10751325, here's what i understand.

A specially crafted traffic when sent to the application, may start to consume much memory & leading it to trigger tmm restart followed by core log generation.

 

When this happens, all the tmm traffic would be dropped & interfaces go down & come back up.

So this is basically a DDOS attack.

 

At present, there's no disclosure of this exploit in the internet.

THE_BLUE
Cirrus
Cirrus

so how to check this " When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device." ?

and it seems we have to upgrade the system to fix this vulnerability.

This means Active-Standby setup.

The easiest way would be to login to the devices, do you see Active - In Sync or Active - Standalone.