7.1 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.966 High
EPSS
Percentile
99.5%
Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5 security vulnerability response policy.
F5 products and versions that _have been evaluated for _this Security Advisory
Product | Affected | Not Affected |
---|---|---|
BIG-IP LTM | *9.x | |
*10.0.0 - 10.1.0 | 10.2.x | |
11.x | ||
BIG-IP GTM | *9.x | |
*10.0.0 - 10.1.0 | 10.2.x | |
11.x | ||
BIG-IP ASM | *9.x | |
*10.0.0 - 10.1.0 | 10.2.x | |
11.x | ||
BIG-IP Link Controller | *9.x | |
*10.0.0 - 10.1.0 | 10.2.x | |
11.x | ||
BIG-IP WebAccelerator | *9.x | |
*10.0.0 - 10.1.0 | 10.2.x | |
11.x | ||
BIG-IP PSM | *9.x | |
*10.0.0 - 10.1.0 | 10.2.x | |
11.x | ||
BIG-IP WAN Optimization | *10.0.0 - 10.1.0 | 10.2.x |
11.x | ||
BIG-IP APM | *10.0.0 - 10.1.0 | 10.2.x |
11.x | ||
BIG-IP Edge Gateway | *10.0.0 - 10.1.0 | 10.2.x |
11.x | ||
BIG-IP Analytics | None | 11.x |
BIG-IP AFM | None | 11.x |
BIG-IP PEM | ||
None | 11.x | |
BIG-IP AAM | None | 11.x |
FirePass | None | 5.x |
6.x | ||
7.x | ||
Enterprise Manager |
*1.2.0 - 1.8.0
*2.0.0
| 2.1.0
2.2.x
2.3.x
3.x
ARX| None| 2.x
3.x
4.x
5.x
6.x
*F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of NTP. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if NTP was manually configured and enabled to be an update server.
Vulnerability description
An ntpd vulnerability in NTP allows a remote attacker to cause a denial of service (DOS).
Information about this advisory is available at the following location:
<https://vulners.com/cve/CVE-2009-3563>
F5 Development tracked this issue as ID 241719 (Formerly CR131466) and it was fixed in BIG-IP 10.2.0. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, Link Controller, PSM, WebAccelerator, APM, WOM, or Edge Gateway release notes.