Denial of Service Vulnerability in F5 BIG-IP Software Versions 12.0.0 to 12.1.2 and 11.6.0 to 11.6.1 with MPTCP Option Enabled

CVE-2017-6159 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe software versions 12.0.0 to 12.1.2 and 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. The data plane is vulnerable when the MPTCP option of a TCP profile is in use. There is no control plane exposure. An attacker may be able to disrupt service by causing the Traffic Management Microkernel (TMM) to restart, during which it temporarily fails to process traffic.
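The two conditions above (an affected version, and a virtual server whose TCP profile has MPTCP enabled) can be checked against an exported configuration. The following is an added example, not F5 code: the function names are hypothetical, the sample is a constructed and trimmed config in `bigip.conf` stanza style, and it assumes a profile chain that never sets `mptcp` is disabled.

```python
import re

AFFECTED = [((12, 0, 0), (12, 1, 2)), ((11, 6, 0), (11, 6, 1))]  # from the advisory, inclusive
# Constructed sample in bigip.conf stanza style; all object names are made up.
SAMPLE = """\
ltm profile tcp /Common/tcp-mobile {
    mptcp enabled
}
ltm profile tcp /Common/tcp-mobile-child {
    defaults-from /Common/tcp-mobile
}
ltm profile tcp /Common/tcp-plain {
    mptcp disabled
}
ltm virtual /Common/vs_api {
    profiles {
        /Common/tcp-mobile-child { }
    }
}
ltm virtual /Common/vs_intranet {
    profiles {
        /Common/tcp-plain { }
    }
}
"""

def version_affected(version):
    v = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def stanzas(conf, kind):
    """Map name -> body for top-level 'ltm <kind> <name> { ... }' stanzas."""
    return dict(re.findall(r"^ltm " + kind + r" (\S+) \{\n(.*?)^\}", conf, re.M | re.S))

def mptcp_enabled(name, profiles, seen=()):
    """Resolve mptcp via defaults-from; assumption: never set means disabled."""
    body = profiles.get(name, "") if name not in seen else ""
    own = re.search(r"^\s*mptcp (enabled|disabled)\s*$", body, re.M)
    if own:
        return own.group(1) == "enabled"
    parent = re.search(r"^\s*defaults-from (\S+)\s*$", body, re.M)
    return bool(parent) and mptcp_enabled(parent.group(1), profiles, seen + (name,))

def exposed_virtuals(version, conf):
    """Virtual servers meeting both conditions: affected version, MPTCP TCP profile."""
    profiles = stanzas(conf, "profile tcp") if version_affected(version) else {}
    return sorted(vs for vs, body in stanzas(conf, "virtual").items()
                  if any(mptcp_enabled(ref, profiles)
                         for ref in re.findall(r"^\s+(/\S+) \{", body, re.M)))
```

Here `exposed_virtuals("12.1.2", SAMPLE)` reports only `/Common/vs_api`, which inherits MPTCP from its parent profile; the same configuration on a version outside the stated ranges reports nothing.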