CVE-2024-21771 — Allocation of Resources Without Limits or Throttling in F5 Big-ip

CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 49.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip F5 Big-ip Advanced Firewall Manager

Timeline

PublishedFeb 14

Description

For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5f5/big-ip17.1.0 — 17.1.1+2

▶NVDf5/big-ip_advanced_firewall_manager15.1.0 — 15.1.9+2

🔴Vulnerability Details

CVEList

F5 AFM Signature Matching Vulnerability↗2024-02-14

▶

GHSA

GHSA-8gwr-pghr-44v9: For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Tr↗2024-02-14

▶

📋Vendor Advisories

CVE-2024-21771: For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic ag...↗2024-02-14

▶