📄 Description (English)
When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🤖 AI Executive Summary
CVE-2026-39458 is a denial-of-service vulnerability in F5 BIG-IP DNS profiles with caching enabled that can crash the Traffic Management Microkernel (TMM) when processing specially crafted traffic. With a CVSS score of 7.5 and no patch currently available, this poses significant risk to organizations relying on BIG-IP for DNS and traffic management. The vulnerability affects critical infrastructure components in Saudi Arabia's banking, government, and telecom sectors that depend on F5 load balancers.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 20, 2026 11:49
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses critical risk to Saudi Arabia's financial sector (SAMA-regulated banks, payment processors), government agencies (NCA, ministries), telecommunications providers (STC, Mobily, Zain), and energy sector (ARAMCO). BIG-IP DNS is widely deployed in these sectors for load balancing and traffic management. A successful exploit could cause service disruption, affecting critical DNS resolution and traffic routing. The lack of available patches increases exposure window significantly.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy and Utilities
Healthcare
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all F5 BIG-IP deployments with DNS profiles and caching enabled
2. Implement network segmentation to restrict traffic to BIG-IP DNS services from trusted sources only
3. Enable detailed logging and monitoring of TMM crashes and DNS query patterns
4. Establish incident response procedures for BIG-IP service failures
Compensating Controls:
1. Deploy secondary DNS infrastructure to provide failover capability
2. Implement rate limiting and traffic filtering on DNS queries
3. Monitor for abnormal DNS query patterns that could trigger TMM termination
4. Configure BIG-IP alerting for TMM process restarts
5. Disable DNS caching on BIG-IP profiles if operationally feasible, using external DNS caching instead
Detection Rules:
1. Alert on TMM process crashes or unexpected restarts
2. Monitor for unusual DNS query patterns or malformed DNS packets
3. Track DNS response time anomalies
4. Log all configuration changes to DNS profiles
Patching:
1. Monitor F5 security advisories for patch availability
2. Prepare patch testing environment immediately upon patch release
3. Establish expedited patching timeline for production systems
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع نشرات F5 BIG-IP مع ملفات تعريف DNS والتخزين المؤقت المفعل
2. تطبيق تقسيم الشبكة لتقييد حركة المرور إلى خدمات BIG-IP DNS من مصادر موثوقة فقط
3. تفعيل التسجيل والمراقبة التفصيلية لأعطال TMM وأنماط استعلامات DNS
4. وضع إجراءات الاستجابة للحوادث لحالات فشل خدمة BIG-IP
الضوابط البديلة:
1. نشر بنية تحتية DNS ثانوية لتوفير قدرة الفشل
2. تطبيق تحديد معدل وتصفية حركة المرور على استعلامات DNS
3. مراقبة أنماط استعلامات DNS غير الطبيعية التي قد تؤدي إلى إنهاء TMM
4. تكوين تنبيهات BIG-IP لإعادة تشغيل عملية TMM
5. تعطيل التخزين المؤقت لـ DNS على ملفات تعريف BIG-IP إن أمكن عملياً
قواعد الكشف:
1. تنبيه عند توقف عملية TMM أو إعادة تشغيل غير متوقعة
2. مراقبة أنماط استعلامات DNS غير العادية أو حزم DNS المشوهة
3. تتبع شذوذ وقت استجابة DNS
4. تسجيل جميع تغييرات التكوين على ملفات تعريف DNS
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.2.1 - Change management procedures
ECC 2024 A.8.2.3 - Segregation of duties
ECC 2024 A.12.4.1 - Event logging
🔵 SAMA CSF
ID.RA-1 - Asset management and criticality assessment
PR.IP-12 - System and information integrity
DE.CM-1 - Detection and analysis
RS.RP-1 - Response planning
🟡 ISO 27001:2022
A.12.2.1 - Change management
A.12.6.1 - Management of technical vulnerabilities
A.12.4.1 - Event logging
A.13.1.1 - Network security perimeter
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 11.2 - Vulnerability scanning
Requirement 12.2 - Configuration standards
🔗 References & Sources 1