Lucene search
F5F5:K000135873HistoryFeb 14, 2024 - 12:00 a.m.
K000135873 : BIG-IP Websockets vulnerability CVE-2024-21849
2024-02-1400:00:00
my.f5.com
17
advanced waf
websockets profile
traffic disruption
tmm process
denial-of-service
remote unauthenticated attacker
data plane issue
big-ip system
Security Advisory Description
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. (CVE-2024-21849)
Impact
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Related
nvd
nvd
CVE-2024-21849
2024-02-14 17:15:12
prion
prion
Code injection
2024-02-14 17:15:00
cve
cve
CVE-2024-21849
2024-02-14 17:15:12
cvelist
cvelist
CVE-2024-21849 BIG-IP Websockets vulnerability
2024-02-14 16:30:21
nessus
nessus
F5 Networks BIG-IP : BIG-IP Websockets vulnerability (K000135873)
2024-02-14 00:00:00
vulnrichment
vulnrichment
CVE-2024-21849 BIG-IP Websockets vulnerability
2024-02-14 16:30:21
f5
f5
K000138353 : Quarterly Security Notification (February 2024)
2024-02-14 00:00:00