OpenSSL vulnerability CVE-2016-2183

2016-10-04T21:14:00
ID F5:K13167034
Type f5
Reporter f5
Modified 2020-02-27T06:22:00

Description

F5 Product Development has assigned IDs 615267, 615271, 615270, 615269, 615268, and 615274 (BIG-IP), ID 410742 (ARX), ID 616861 (BIG-IQ and F5 iWorkflow), ID 616862 (Enterprise Manager), ID 528809 (FirePass), and LRS-60936 (LineRate) to this vulnerability. Additionally, BIG-IP iHealth may list Heuristic H13167034, H13167034-1, H13167034-2, and H13167034-3 on the Diagnostics > Identified > Medium page.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM | 13.0.0, 12.0.0 - 12.1.2, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 HF1 - 13.1.3, 12.1.2 HF1 - 12.1.5 | Medium | SSL profiles (client/server)
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | None | Medium | IPSec
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.4 | None | Medium | tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP (AAM, PEM) | 13.0.0, 12.0.0 - 12.1.2, 11.4.0 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 HF1 - 13.1.3, 12.1.2 HF1 - 12.1.5 | Medium | SSL profiles (client/server)
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | None | Medium | IPSec, tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.4.0 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.4.0 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP AFM | 12.1.0 - 12.1.3 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.1.3.4 - 12.1.5 | Medium | SSH Proxy
 | 13.0.0, 12.0.0 - 12.1.2, 11.4.0 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 HF1 - 13.1.3, 12.1.2 HF1 - 12.1.5 | Medium | SSL profiles (client/server)
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.4.0 - 11.6.5 | None | Medium | IPSec, tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.4.0 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.4.0 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP Analytics | 13.0.0, 12.0.0 - 12.1.2, 11.2.1 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 HF1 - 13.1.3, 12.1.2 HF1 - 12.1.5 | Medium | SSL profiles (client/server)
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | None | Medium | IPSec, tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP APM | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | None | Medium | Oracle Access Manager, tamd
 | 13.0.0, 12.0.0 - 12.1.2, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 HF1 - 13.1.3, 12.1.2 HF1 - 12.1.5 | Medium | SSL profiles (client/server)
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | None | Medium | IPSec
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP ASM | 13.0.0, 12.0.0 - 12.1.2, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 HF1 - 13.1.3, 12.1.2 HF1 - 12.1.5 | Medium | SSL profiles (client/server)
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5 | None | Medium | IPSec
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP DNS | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 12.0.0 - 12.1.5 | None | Medium | tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP Edge Gateway | 11.2.1, 10.2.1 - 10.2.4 | None | Medium | SSL profiles (client/server)
 | 11.2.1 | None | Medium | IPSec
 | 11.2.1, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 11.2.1, 10.2.1 - 10.2.4 | None | Medium | Apache mod_ssl
 | 11.2.1, 10.2.1 - 10.2.4 | None | Medium | Big3d
BIG-IP GTM | 11.4.0 - 11.6.5, 11.2.1, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 11.4.0 - 11.6.5, 11.2.1, 10.2.1 - 10.2.4 | None | Medium | Apache mod_ssl
 | 11.4.0 - 11.6.5, 11.2.1, 10.2.1 - 10.2.4 | None | Medium | Big3d
BIG-IP Link Controller | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 11.2.1 - 11.6.5 | None | Medium | IPSec
 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.0.0 - 13.1.3, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2 | Medium | Apache mod_ssl
 | 13.0.0 - 13.0.1, 12.0.0 - 12.1.5, 11.2.1 - 11.6.5, 10.2.1 - 10.2.4 | 15.0.0 - 15.1.0, 14.0.0 - 14.1.2, 13.1.0 - 13.1.3 | Medium | Big3d
BIG-IP PSM | 11.4.0 - 11.4.1, 10.2.1 - 10.2.4 | None | Medium | SSL profiles (client/server)
 | 11.4.0 - 11.4.1 | None | Medium | IPSec
 | 11.4.0 - 11.4.1, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 11.4.0 - 11.4.1, 10.2.1 - 10.2.4 | None | Medium | Apache mod_ssl
 | 11.4.0 - 11.4.1, 10.2.1 - 10.2.4 | None | Medium | Big3d
BIG-IP (WebAccelerator, WOM) | 11.2.1 - 11.3.0, 10.2.1 - 10.2.4 | None | Medium | SSL profiles (client/server)
 | 11.2.1 - 11.3.0 | None | Medium | IPSec
 | 11.2.1 - 11.3.0, 10.2.1 - 10.2.4 | None | Medium | tamd
 | 11.2.1 - 11.3.0, 10.2.1 - 10.2.4 | None | Medium | Apache mod_ssl
 | 11.2.1 - 11.3.0, 10.2.1 - 10.2.4 | None | Medium | Big3d
BIG-IP WebSafe | None | 13.0.0 - 13.1.3, 12.0.0 - 12.1.5, 11.6.0 - 11.6.5 | Not vulnerable | None
ARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL
Enterprise Manager | 3.1.1 | None | Medium | Apache, OpenSSH, Big3d
FirePass | 7.0.0 | None | Low | OpenSSL
BIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Webd, OpenSSH, Big3d
BIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Webd, OpenSSH, Big3d
BIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Webd, OpenSSH, Big3d
BIG-IQ ADC | 4.5.0 | None | Medium | Webd, OpenSSH, Big3d
BIG-IQ Centralized Management | 5.0.0 - 7.0.0.1, 4.6.0 | None | Medium | Webd
 | 5.0.0 - 7.0.0.1, 4.6.0 | None | Medium | OpenSSH
 | 5.0.0 - 5.1.0, 4.6.0 | 5.2.0 - 5.4.0 | Medium | Big3d
BIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Webd, OpenSSH, Big3d
F5 iWorkflow | 2.0.0 - 2.3.0 | None | Medium | Apache, OpenSSH, Big3d
LineRate | 2.5.0 - 2.6.1 | None | Low | SSL/TLS
Traffix SDC | 5.1.0 | None | Low | OpenSSL, Network Security Services (NSS)
 | 5.0.0, 4.0.0 - 4.4.0 | None | Low | OpenSSL

¹ The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.

Mitigation

The following mitigation options are available for the BIG-IP system:

SSL profiles

You can mitigate this issue for the SSL profiles by disabling 3DES (DES-CBC3) ciphers for the affected profile. For information about configuring the cipher strength for the SSL profiles, refer to K17370: Configuring the cipher strength for SSL profiles (12.x - 13.x).

Important: The following mitigation will not work for BIG-IP 13.0.0 due to an issue being tracked by F5 Product Development as ID 649369. For assistance mitigating this issue for BIG-IP 13.0.0 please contact F5 Support and reference this article and ID 649369.

You can disable 3DES in SSL profile ciphers by adding !3DES or -3DES to the current cipher string in the Ciphers field.

Note: When you use the ! symbol preceding a cipher, the SSL profile permanently removes the cipher from the cipher list, even if the cipher is explicitly stated later in the cipher string. When you use the - symbol preceding a cipher, the SSL profile removes the cipher from the cipher list, but the cipher can be added back to the cipher list if there are later options that allow it.

For example, if the current cipher string is DEFAULT, the updated cipher string becomes DEFAULT:!3DES.

Some TLS rating sites treat the ability to negotiate 3DES with TLS 1.2 differently than they treat 3DES availability with TLS 1.0 or TLS 1.1. The rationale behind this logic is that legacy clients are not expected to negotiate TLS 1.2 and thus there is no reason for a TLS server to offer 3DES with TLS 1.2. If you want to enable 3DES with TLS 1.0 and TLS 1.1 only, but not TLS 1.2, you can use the following cipher string:

-3DES:TLSv1_1+3DES:TLSv1+3DES

For example, if the current cipher string is DEFAULT, the updated cipher string becomes DEFAULT:-3DES:TLSv1_1+3DES:TLSv1+3DES.
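To make the difference between the two cipher strings above concrete, here is an added example (not F5's code) that models the cipher-string rules this article describes: ':' separates directives, '!' removes a cipher permanently, '-' removes it but a later directive can add it back, and a 'TLSv1_1+3DES' token scopes 3DES to one protocol version. It assumes a constructed three-cipher expansion of DEFAULT and only the protocol tokens TLSv1, TLSv1_1 and TLSv1_2; on a real BIG-IP system the tmm cipher parser is the authority.

```python
# Simplified model of BIG-IP SSL profile cipher-string semantics (added example).
# Assumption: DEFAULT expands to this constructed list; the real expansion is
# version-specific and much longer.
PROTOCOLS = {"TLSv1", "TLSv1_1", "TLSv1_2"}
DEFAULT_CIPHERS = {"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "DES-CBC3-SHA"}
# Group keywords select ciphers by name (constructed subsets of the list above).
GROUPS = {
    "DEFAULT": set(DEFAULT_CIPHERS),
    "3DES": {c for c in DEFAULT_CIPHERS if "DES-CBC3" in c},
    "AES": {c for c in DEFAULT_CIPHERS if "AES" in c},
}


def _select(token):
    """Resolve a token such as '3DES' or 'TLSv1_1+3DES' to (ciphers, protocols)."""
    ciphers, protos = set(DEFAULT_CIPHERS), set(PROTOCOLS)
    for part in token.split("+"):
        if part in PROTOCOLS:
            protos &= {part}          # restrict to one protocol version
        elif part in GROUPS:
            ciphers &= GROUPS[part]   # restrict to a cipher group
        else:
            ciphers &= {part}         # literal cipher name
    return ciphers, protos


def resolve(cipher_string):
    """Return {cipher: set of protocol versions it may be negotiated with}."""
    allowed, banned = {}, set()
    for directive in cipher_string.split(":"):
        op = directive[0] if directive[:1] in ("!", "-") else ""
        ciphers, protos = _select(directive[len(op):])
        for c in ciphers:
            if op == "!":             # permanent removal: cannot be re-added later
                banned.add(c)
                allowed.pop(c, None)
            elif op == "-":           # soft removal of the selected versions only
                if c in allowed:
                    allowed[c] -= protos
                    if not allowed[c]:
                        del allowed[c]
            elif c not in banned:     # plain add (or re-add after '-')
                allowed.setdefault(c, set()).update(protos)
    return allowed


def offers_3des(cipher_string, protocol):
    """True if the resolved string still lets 3DES be negotiated under `protocol`."""
    return any("DES-CBC3" in c and protocol in v
               for c, v in resolve(cipher_string).items())
```

Running `offers_3des("DEFAULT:-3DES:TLSv1_1+3DES:TLSv1+3DES", "TLSv1_2")` returns False while the same string with "TLSv1" returns True, which is the rating-site-friendly outcome described above; with `!3DES` in the string, 3DES stays removed no matter what follows.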

Beginning in 12.1.2 HF1, the BIG-IP system implements a TLS session data limit for 3DES that makes the use of 3DES on the BIG-IP system secure against the SWEET32 attack. Unfortunately, SSL rating sites cannot easily detect the presence of this fix, because auditing it requires sending more than 1 GB of data in a single TLS session.

For earlier BIG-IP versions without the data limit fix, you should take the following alternative steps when 3DES is enabled. You do not need to take these steps if only modern block ciphers, such as AES or Camellia, are enabled.

Alternatively, if disabling 3DES ciphers is not possible and you are running a version earlier than 12.1.2 HF1, you can modify the SSL profile and set the Renegotiation Size setting to 1 GB. To do so, perform the following procedure:

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the TMOS Shell (tmsh) by typing the following command:

tmsh

  2. Change the renegotiation size to 1 GB for the profile using the following command syntax:

modify /ltm profile client-ssl <profile_name> renegotiate-size 1000

For example, the following command changes the renegotiation size to 1 GB for the SSL profile named MyClientSSL:

modify /ltm profile client-ssl MyClientSSL renegotiate-size 1000

  3. Save the changes by typing the following command:

save /sys config

Authentication profiles (tamd)

To mitigate this issue, disable 3DES on the server side to prevent negotiation of the vulnerable cipher.

Configuration utility

To mitigate this vulnerability for the Configuration utility, you should permit management access to F5 products only over a secure network. For more information, refer to K13092: Overview of securing access to the BIG-IP system.

BIG-IP APM - Oracle Access Manager

To mitigate this vulnerability for Oracle Access Manager (OAM), you should monitor traffic patterns between the BIG-IP system and back-end OAM systems for traffic anomalies, or force rekeying at an appropriate interval on the application server.

IPsec

To mitigate this vulnerability for IPsec, in your IPsec policy, you should use AES ciphers, or if you cannot use AES ciphers, configure the KBLifetime to 1048576 KB (1 GB) or less.

BIG-IQ

big3d

To mitigate this vulnerability for the big3d component of BIG-IQ, perform the following procedure:

Impact of procedure: BIG-IQ does not use the big3d component and F5 product development has removed it starting in BIG-IQ 5.2.0. Performing the following procedure should not have a negative impact on your system.

  1. Log in to tmsh by typing the following command:

tmsh

  2. Disable the big3d component, which stops the service and prevents it from starting on subsequent reboots, by typing the following command:

modify /sys service big3d disable

OpenSSH

To mitigate this vulnerability for the OpenSSH component of the BIG-IQ system, you can disable the 3DES (DES-CBC3) ciphers for the SSH service on your BIG-IQ system. To do so, refer to K80425458: Modifying the list of ciphers and MAC and key exchange algorithms used by the SSH service on the BIG-IP system or BIG-IQ system.

Webd

To mitigate this vulnerability for the Webd component of the BIG-IQ system, you can disable the 3DES (DES-CBC3) ciphers for the Webd service on your BIG-IQ system. To modify the ciphers enabled on the BIG-IQ user interface, refer to K17007: Restricting BIG-IQ user interface access to clients using high-encryption SSL ciphers and protocols. You can disable 3DES in the SSL ciphers by adding !3DES to the current cipher string in the ssl_ciphers field. For example, if the current cipher string is ECDHE-RSA-AES128-GCM-SHA256;, the updated cipher string becomes ECDHE-RSA-AES128-GCM-SHA256:!3DES;.