Nikita Abramov, a researcher at Positive Technologies, a provider of cybersecurity solutions, discovered the security bug, which affects certain versions of BIG-IP Access Policy Manager (APM), a secure access solution that simplifies and centralises access to apps, APIs and data.

The weakness, according to F5 Networks, is related to the Traffic Management Microkernel (TMM), the component that processes all load-balanced traffic on BIG-IP systems. “The Traffic Management Microkernel (TMM) stops responding and restarts when a BIG-IP APM virtual server processes traffic of an undisclosed nature,” the vendor explained in an advisory issued in mid-December. Traffic processing is interrupted while TMM restarts. When the affected BIG-IP system is configured as part of a device group, the system triggers a failover to the peer device.

Abramov noted that no tools are required to exploit this vulnerability; the attacker merely needs to send a specially crafted HTTP request to the server hosting the BIG-IP configuration utility, which blocks access to the device “for a while (until it restarts automatically).”

In its advisory, F5 reported that the vulnerability, tracked as CVE-2020-27716 with a high severity rating, impacts only versions 14.x and 15.x. Patches that fix the bug are available for both branches.

Last year, Positive Technologies told F5 of a critical BIG-IP vulnerability that ended up being exploited in the wild, both by profit-driven cybercriminals and state-sponsored cyberspies.