6.1 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.96 High
EPSS
Percentile
99.4%
Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.F5 products and versions that have been evaluated for_ _this Security Advisory
Product | Affected | Not Affected |
---|---|---|
BIG-IP LTM | 10.1.0 | 9.x |
10.0.0 - 10.0.1 | ||
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP GTM | 10.1.0 | 9.x |
10.0.0 - 10.0.1 | ||
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP ASM | 10.1.0 | 9.x |
10.0.0 - 10.0.1 | ||
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP Link Controller | 10.1.0 | 9.x |
10.0.0 - 10.0.1 | ||
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP WebAccelerator | 10.1.0 | 9.x |
10.0.0 - 10.0.1 | ||
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP PSM | 10.1.0 | 9.x |
10.0.0 - 10.0.1 | ||
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP WAN Optimization | 10.1.0 | 10.0.0 - 10.0.1 |
10.1.0 HF1 | ||
10.2.x | ||
11.x | ||
BIG-IP APM | 10.1.0 | 10.1.0 HF1 |
10.2.x | ||
11.x | ||
BIG-IP Edge | 10.1.0 | 10.1.0 HF1 |
10.2.x | ||
11.x | ||
BIG-IP Analytics | None | 11.x |
BIG-IP AFM | None | 11.x |
BIG-IP PEM | None | 11.x |
BIG-IP AAM | None | 11.x |
FirePass | None | 5.x |
6.x | ||
7.x | ||
Enterprise Manager | 2.0.0 | 1.x |
2.1.x | ||
2.2.x | ||
2.3.x | ||
3.x | ||
ARX | 5.1.0 - 5.1.9 | 2.x |
3.x | ||
4.x | ||
5.0.1 - 5.0.7 | ||
5.2.0 - 5.3.1 | ||
6.x | ||
Vulnerability description and product informationThessl3_get_recordfunction inssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer de-reference, related to the minor version number. | ||
Information about this advisory is available at the following location: | ||
<https://vulners.com/cve/CVE-2010-0740> | ||
F5 Product Development tracked this issue as CR139154 and it was fixed in Enterprise Manager 2.1.0. For information about upgrading, refer to the Enterprise Manager release notes. | ||
F5 Product Development tracked this issue as ID 38353 and it was fixed in ARX 5.2.0. For information about upgrading, refer to the ARX release notes. | ||
F5 Product Development tracked this issue as CR139154, and it was fixed in BIG-IP 10.2.0. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, PSM, Link Controller, WebAccelerator, APM, WAN Optimization, or Edge Gateway release notes. | ||
Additionally, this issue was fixed in BIGIP-10.1.0 HF1 issued for BIG-IP 10.1.0. You may download this hotfix or later versions of the hotfix from the F5 Downloads site. | ||
To view a list of the latest available hotfixes, refer to K9502: BIG-IP hotfix matrix. | ||
For information about the F5 hotfix policy, refer to K4918: Overview of F5 critical issue hotfix policy. | ||
For information about managing F5 product hotfixes, refer to K10025: Managing F5 product hotfixes for BIG-IP 10.x systems. | ||
For information about installing 10.x hotfixes on a partitioned system, refer to K9819: Installing a BIG-IP version 10.x hotfix on a partitioned system.** ** |