NTP vulnerability CVE-2015-5300

2015-11-18T01:53:00
ID F5:K10600056
Type f5
Reporter f5
Modified 2017-03-14T19:23:00

Description

F5 Product Development has assigned ID 554624 (BIG-IP), ID 555233 (BIG-IQ), ID 555235 (Enterprise Manager), ID 507785 (ARX), and ID LRS-60468 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H558505 on the Diagnostics > Identified > High screen.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| 12.0.0
11.6.0
11.0.0 - 11.5.3
10.1.0 - 10.2.4| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP AAM| 12.0.0
11.6.0
11.4.0 - 11.5.3| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP AFM| 12.0.0
11.6.0
11.3.0 - 11.5.3| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP Analytics| 12.0.0
11.6.0
11.0.0 - 11.5.3| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP APM| 12.0.0
11.6.0
11.0.0 - 11.5.3
10.1.0 - 10.2.4| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP ASM| 12.0.0
11.6.0
11.0.0 - 11.5.3
10.1.0 - 10.2.4| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP DNS| 12.0.0| 12.1.0
12.0.0 HF3| High| NTP
BIG-IP Edge Gateway| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| None| High| NTP
BIG-IP GTM| 11.6.0
11.0.0 - 11.5.3
10.1.0 - 10.2.4| 11.6.1
11.5.4| High| NTP
BIG-IP Link Controller| 12.0.0
11.6.0
11.0.0 - 11.5.3
10.1.0 - 10.2.4| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP PEM| 12.0.0
11.6.0
11.3.0 - 11.5.3| 12.1.0
12.0.0 HF3
11.6.1
11.5.4| High| NTP
BIG-IP PSM| 11.0.0 - 11.4.1
10.1.0 - 10.2.4| None| High| NTP
BIG-IP WebAccelerator| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| None| High| NTP
BIG-IP WOM| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| None| High| NTP
ARX| 6.0.0 - 6.4.0| None| Low| NTP
Enterprise Manager| 3.0.0 - 3.1.1 HF5| 3.1.1 HF6| High| NTP
FirePass| None| 7.0.0
6.0.0 - 6.1.0| Not vulnerable| None
BIG-IQ Cloud| 4.0.0 - 4.5.0| None| High| NTP
BIG-IQ Device| 4.2.0 - 4.5.0| None| High| NTP
BIG-IQ Security| 4.0.0 - 4.5.0| None| High| NTP
BIG-IQ ADC| 4.5.0| None| High| NTP
BIG-IQ Centralized Management| 4.6.0| 5.0.0| High| NTP
BIG-IQ Cloud and Orchestration| 1.0.0| None| High| NTP
F5 iWorkflow| None| 2.0.0| Not vulnerable| None
LineRate| 2.5.0 - 2.6.1| None| Medium| NTP
F5 WebSafe| None| 1.0.0| Not vulnerable| None
Traffix SDC| 4.0.0 - 4.4.0
3.3.2 - 3.5.1| None| Low| NTP

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To mitigate this vulnerability, you can restrict network access of NTP services to trusted hosts only. Additionally, ntp.org recommends that you implement an NTP strategy using time source diversity and upstream time server quantity that utilizes multiple, trusted NTP servers. This does not fully remove the risk, but will make it more difficult for a potential attacker to exploit the vulnerability.