Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

TMM vulnerability CVE-2021-23011

THE_BLUE
Cirrus
Cirrus

‎30-Apr-2021 05:08

what does this mean ?and how to check this ?

The Traffic Management Microkernel (TMM) generates a core file and restarts. When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device.

 

Labels:
0 Kudos
3 REPLIES 3

jaikumar_f5
MVP
MVP

‎30-Apr-2021 06:15

From the article - https://support.f5.com/csp/article/K10751325, here's what i understand.

A specially crafted traffic when sent to the application, may start to consume much memory & leading it to trigger tmm restart followed by core log generation.

 

When this happens, all the tmm traffic would be dropped & interfaces go down & come back up.

So this is basically a DDOS attack.

 

At present, there's no disclosure of this exploit in the internet.

0 Kudos

THE_BLUE
Cirrus
Cirrus

‎02-May-2021 11:42

so how to check this " When configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device." ?

and it seems we have to upgrade the system to fix this vulnerability.

0 Kudos

jaikumar_f5
MVP
MVP
In response to THE_BLUE

‎03-May-2021 04:01

This means Active-Standby setup.

The easiest way would be to login to the devices, do you see Active - In Sync or Active - Standalone.

 

 

0 Kudos
Copyright © 2023 Khoros, LLC