This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond. A remote attacker can send specially crafted request to the system and cause the Traffic Management Microkernel (TMM) to terminate.Mitigation
Install update from vendor's website.Vulnerable software versions
BIG-IP: 15.1.0 - 16.1.3
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?