TCP Connection State Change Vulnerability in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, WOM, Analytics, PSM, and WebAccelerator

TCP Connection State Change Vulnerability in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, WOM, Analytics, PSM, and WebAccelerator

CVE-2013-6016 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors.

Learn more about our Cis Benchmark Audit For F5.