CVE-2024-41164: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

A vulnerability has been identified in F5's BIG-IP systems when TCP profile with Multipath TCP (MPTCP) is enabled on a Virtual Server. The vulnerability, tracked as CVE-2024-41164, was disclosed on August 14, 2024, and affects multiple BIG-IP versions including 15.1.0-15.1.1, 16.1.0-16.1.5, and 17.1.0. This security flaw has been assigned a CVSS v3.1 base score of 7.5 (High) by NIST (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. When specific conditions are met with undisclosed traffic patterns, it can cause the Traffic Management Microkernel (TMM) to terminate. The vulnerability has been assessed with different CVSS scores: NIST assigned a CVSS v3.1 base score of 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while F5 Networks assigned a CVSS v4.0 score of 8.2 (High) with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can cause the Traffic Management Microkernel (TMM) to terminate, potentially leading to service disruption. The vulnerability specifically affects systems where TCP profile with Multipath TCP is enabled on a Virtual Server (CVE).

F5 has addressed this vulnerability in specific versions of their products. The affected versions include BIG-IP 15.1.0-15.1.1, 16.1.0-16.1.5, and 17.1.0. Users should upgrade to the patched versions as specified in the vendor advisory. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated (F5 Advisory).