CVE-2024-23314: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. The vulnerability, identified as CVE-2024-23314, was discovered and disclosed in February 2024, affecting multiple versions of BIG-IP systems including versions 15.1.0-15.1.9, 16.1.0-16.1.4, 17.1.0, and BIG-IP Next SPK versions 1.5.0-1.8.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is related to the HTTP/2 configuration and specifically affects the Traffic Management Microkernel (TMM) component. The issue has been classified under CWE-908 (Use of Uninitialized Resource) by F5 Networks (NVD).

The primary impact of this vulnerability is the potential termination of the Traffic Management Microkernel (TMM), which could result in service disruption for affected BIG-IP systems. This availability impact is reflected in the high CVSS score and could affect the normal operation of the system's traffic management capabilities (NVD).

F5 has released patched versions to address this vulnerability. The recommended updates include upgrading to versions 15.1.10, 16.1.4, 17.1.1 for BIG-IP systems, and version 1.8.1 for BIG-IP Next SPK. These updates have been specifically designed to address the HTTP/2 vulnerability and prevent TMM termination (ASEC).