A security advisory has been posted against F5 systems, relating to ICMP processing and potentially allowing a malicious party to cause a memory leak condition within TMOS.
F5's advisory notice is available here:
https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17047.html
The advisory has been rated by F5 as Severe. RedShield views this as requiring immediate action by administrators of F5 systems which have virtual servers open to the internet.
As a first step, customers should verify the current version of TMOS software in use and compare this with the list of vulnerable versions.
Monitoring of TMOS should include memory usage checks. Errors, logs and SNMP traps produced by any systems coming under stress should be configured to raise tickets with operations teams.
Customers should block ICMP at upstream firewalls where possible; or enable blocking of ICMP by the AFM module if available. Upgrading TMOS to current hotfix versions provides mitigation of this vulnerability, as outlined in the F5 solution linked above.
RedShield Cloud customers are unaffected by this announcement.
Comments