Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IP AFM, Install/Upgrade
Known Affected Versions:
17.1.2.1, 17.1.2.2
Opened: May 22, 2025 Severity: 3-Major
After upgrading BIG-IP AFM from 15.1.8 to 17.1.2, DoS vectors (especially "Non TCP connection") are triggered and start attack detected, even though there is no actual attack or stress (CPU usage is low). The detection threshold is set to 0, causing false positives.
Logs show attack detection with thresholds at 0, despite no actual stress or attack. This leads to immediate and incorrect attack detection, causing false alarm even when there is no actual attack or system stress.
-- Upgrade from 15.1.8 to 17.1.2 (with EHF/instrumented TMM). -- Device becomes Active after upgrade/failover. -- AFM Device DoS vectors in Fully Auto mode.
None
None