When bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. (CVE-2019-6672)
Impact
The affected BIG-IP AFM system’s CPU usage increases and may cause the legitimate network packets to be dropped or delayed. This reduces the threshold for a denial-of-service (DoS) attack. This does not affect BIG-IP VE deployments, as only the sPVA hardware implementation is affected.