K43450419 : TMM vulnerability CVE-2020-5871

Security Advisory Description

Undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure. (CVE-2020-5871)

Impact

This vulnerability affects only the virtual server associated with the HTTP/2 profile that has the HTTP MRF Router setting selected. The BIG-IP system may temporarily fail to process traffic as it recovers from a Traffic Management Microkernel (TMM) restart. If the BIG-IP system is configured for high availability (HA), it fails over to a peer system.