K000137796 : BIG-IP SSL profile security exposure

2024-02-1400:00:00

my.f5.com

big-ip

ssl

profile

security

exposure

revocation

crl

certificate

unauthorized

connections

authentication

local file

symptom

software

7 High

AI Score

Confidence

Low

JSON

Security Advisory Description

The BIG-IP system may not honor the revocation status of a certificate present in the certificate revocation list (CRL) file, potentially allowing unauthorized connections.

This issue occurs when all of the following conditions are met:

A ClientSSL or ServerSSL profile has the Certificate Authentication option enabled.
A local CRL file is in use.

Impact

The BIG-IP system may incorrectly allow unauthorized connections that have a revoked certificate.

Symptoms

As a result of this issue, you may encounter the following symptom:

Connections are allowed for clients or servers with revoked certificates.

CPENameOperatorVersion
big-ip next central managereq20.0.1
big-ip next central managereq20.0.2
big-ip next central managereq20.1.0
big-ip next cgnat cnfeq1.1.0
big-ip next cgnat cnfeq1.1.1
big-ip next cgnat cnfeq1.2.0
big-ip next cgnat cnfeq1.2.1
big-ip next dns cnfeq1.1.0
big-ip next dns cnfeq1.1.1
big-ip next dns cnfeq1.2.0

Name	Operator	Version
big-ip next central manager	eq	20.0.1
big-ip next central manager	eq	20.0.2
big-ip next central manager	eq	20.1.0
big-ip next cgnat cnf	eq	1.1.0
big-ip next cgnat cnf	eq	1.1.1
big-ip next cgnat cnf	eq	1.2.0
big-ip next cgnat cnf	eq	1.2.1
big-ip next dns cnf	eq	1.1.0
big-ip next dns cnf	eq	1.1.1
big-ip next dns cnf	eq	1.2.0

Rows per page:

1-10 of 4111

7 High

AI Score

Confidence

Low

JSON