Denial-of-Service Vulnerability in F5 BIG-IP Affecting Traffic Management Microkernel
CVE-2016-9252

7.5HIGH

Key Information:

Vendor: F5 Networks
Status: F5 Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Psm, Webaccelerator, Websafe
Vendor: CVE Published:; 27 March 2017

🔔 Create F5 Networks Vulnerability Alert

What is CVE-2016-9252?

The Traffic Management Microkernel (TMM) in F5 BIG-IP versions prior to 11.5.4 HF3, 11.6.x before 11.6.1 HF2, and 12.x before 12.1.2 has a flaw in handling minimum path MTU options for IPv6. This vulnerability enables remote attackers to leverage unspecified vectors to trigger a Denial-of-Service (DoS) condition, ultimately impacting the availability of the affected systems.

Affected Version(s)

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1

References

https://support.f5.com/csp/article/K46535047

x_refsource_CONFIRM

http://www.securitytracker.com/id/1038132

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2017
Vulnerability Reserved
Nov 9, 2016