F5 Networks BIG-IP HTTP/2 DoS (K000133467)

high Nessus Plugin ID 183047

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1.
It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory.
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server. TMM can also terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled, regardless of the presence of the iRule.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K000133467.

See Also

https://support.f5.com/csp/article/K000133467

Plugin Details

Severity: High

ID: 183047

File Name: f5_bigip_SOL000133467.nasl

Version: 1.3

Type: local

Published: 10/13/2023

Updated: 5/10/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-40534

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/h:f5:big-ip_protocol_security_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/10/2023

Vulnerability Publication Date: 10/10/2023

Reference Information

CVE: CVE-2023-40534

IAVA: 2023-A-0537-S