Termination of Traffic Management Microkernel (TMM) Due to Non-Default SSL Profile Configuration

CVE-2024-28889

5.9MEDIUM

Key Information

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 8 May 2024

Summary

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

BIG-IP < 17.1.1.3

BIG-IP < 16.1.4.3

BIG-IP < 15.1.10.4

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 8, 2024
Vulnerability Reserved.
Apr 24, 2024

Collectors

NVD DatabaseMitre Database

Key Information

Summary

Affected Version(s)

CVSS V3.1

Timeline

Collectors

Credit