N/A

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of "Guest" or greater privilege. Note: "No Access" cannot login so technically it's a role but a user with this access role cannot perform the attack.

N/A

N/A

F5 BIG-IP Application Security Manager 资源管理错误漏洞

F5 BIG-IP Application Security Manager（ASM）是美国F5公司的一款Web应用程序防火墙（WAF），它提供安全的远程接入、保护电子邮件、简化Web接入控制，同时增强网络和应用性能。 F5 BIG-IP ASM中存在安全漏洞。攻击者可利用该漏洞消耗大量内存，终止任意进程。以下产品及版本受到影响：F5 BIG-IP ASM 14.1.0版本至14.1.0.5版本，14.0.0版本至14.0.0.4版本，13.0.0版本至13.1.1.4版本，12.1.0版本至12.1.4

N/A

N/A