CVE-2024-21849: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

CVE-2024-21849 is a vulnerability affecting F5's BIG-IP Advanced WAF/ASM when configured with Websockets profile on a virtual server. The vulnerability was disclosed on February 14, 2024, and affects BIG-IP versions 16.1.0-16.1.3 and 17.1.0. This security issue can lead to the termination of the Traffic Management Microkernel (TMM) process under specific conditions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue specifically occurs when both an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, where certain undisclosed traffic patterns can trigger the termination of the TMM process (NVD).

When successfully exploited, this vulnerability results in a denial of service condition through the termination of the Traffic Management Microkernel (TMM) process, which could affect the availability of the BIG-IP system services (ASEC).

F5 has released patches to address this vulnerability. Users are advised to upgrade to BIG-IP version 16.1.4 or 17.1.1, depending on their current version. These updates have been made available as part of F5's February 2024 security update (ASEC).