TCP Options Handling Vulnerability in F5 BIG-IP Products
CVE-2015-8240

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Analytics; Big-ip Link Controller; Big-ip Protocol Security Module; Big-ip Application Security Manager
Vendor: CVE Published:; 11 April 2016

What is CVE-2015-8240?

The Traffic Management Microkernel (TMM) in F5 BIG-IP products does not adequately process TCP options, which creates a potential denial of service risk. Attackers can exploit this vulnerability through unspecified vectors, thereby compromising system availability and impacting services reliant on BIG-IP functionalities. It is crucial for users and administrators of these products to apply appropriate patches and monitor for unusual behavior.

References

https://support.f5.com/kb/en-us/solutions/public/k/06/sol...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1035367

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2016
Vulnerability Reserved
Nov 18, 2015