OpenSSL vulnerability CVE-2014-0195

2014-08-14T03:23:00
ID F5:K15356
Type f5
Reporter f5
Modified 2019-05-08T19:26:00

Description

F5 Product Development has assigned ID 465803 (BIG-IP and Enterprise Manager), ID 467656 (BIG-IQ), and ID 466317 (BIG-IP Edge Client) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H467629 on the Diagnostics > Identified > High page.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following tables:

Server-side components

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
---|---|---|---
BIG-IP LTM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP AAM | None | 11.6.0<br>11.4.0 - 11.5.3 | None
BIG-IP AFM | 11.3.0 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP Analytics | 11.0.0 - 11.3.0 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP APM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP ASM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP Edge Gateway | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | None | COMPAT SSL ciphers
BIG-IP GTM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP Link Controller | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP PEM | 11.3.0 | 11.6.0<br>11.4.0 - 11.5.3 | COMPAT SSL ciphers
BIG-IP PSM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | 11.4.0 - 11.4.1 | COMPAT SSL ciphers
BIG-IP WebAccelerator | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | None | COMPAT SSL ciphers
BIG-IP WOM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | None | COMPAT SSL ciphers
ARX | None | 6.0.0 - 6.4.0 | None
Enterprise Manager | None | 3.0.0 - 3.1.1<br>2.1.0 - 2.3.0 | None
FirePass | None | 7.0.0<br>6.0.0 - 6.1.0 | None
BIG-IQ Cloud | None | 4.0.0 - 4.5.0 | None
BIG-IQ Device | None | 4.2.0 - 4.5.0 | None
BIG-IQ Security | None | 4.0.0 - 4.5.0 | None
BIG-IQ ADC | None | 4.5.0 | None
LineRate | None | 2.3.0 - 2.3.1<br>2.2.0 - 2.2.4<br>1.6.0 - 1.6.3 | None

Client-side components

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
---|---|---|---
BIG-IP LTM | 11.0.0 - 11.5.1<br>10.1.0 - 10.2.4 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP AAM | 11.4.0 - 11.5.1 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections
BIG-IP AFM | 11.3.0 - 11.5.1 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP Analytics | 11.0.0 - 11.5.1 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP APM | 11.0.0 - 11.5.1<br>10.1.0 - 10.2.4 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP ASM | 11.0.0 - 11.5.1<br>10.1.0 - 10.2.4 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP Edge Gateway | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | None | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP GTM | 11.0.0 - 11.5.1<br>10.1.0 - 10.2.4 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP Link Controller | 11.0.0 - 11.5.1<br>10.1.0 - 10.2.4 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP PEM | 11.3.0 - 11.5.1 | 11.6.0<br>11.5.2 - 11.5.3 | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP PSM | 11.0.0 - 11.4.1<br>10.1.0 - 10.2.4 | None | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP WebAccelerator | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | None | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
BIG-IP WOM | 11.0.0 - 11.3.0<br>10.1.0 - 10.2.4 | None | Host-initiated SSL connections<br>COMPAT SSL ciphers (11.3.0 and earlier)
ARX | None | 6.0.0 - 6.4.0 | None
Enterprise Manager | 3.0.0 - 3.1.1<br>2.1.0 - 2.3.0 | 3.1.1 HF5 | Host-initiated SSL connections
FirePass | None | 7.0.0<br>6.0.0 - 6.1.0 | None
BIG-IQ Cloud | 4.0.0 - 4.3.0 | 4.4.0 - 4.5.0 | Host-initiated SSL connections
BIG-IQ Device | 4.2.0 - 4.3.0 | 4.4.0 - 4.5.0 | Host-initiated SSL connections
BIG-IQ Security | 4.0.0 - 4.3.0 | 4.4.0 - 4.5.0 | Host-initiated SSL connections
BIG-IQ ADC | None | 4.5.0 | None
LineRate | None | 2.3.0 - 2.3.1<br>2.2.0 - 2.2.4<br>1.6.0 - 1.6.3 | None
BIG-IP Edge Clients for Linux | 6035 - 7071 | 7101.2014.0612.<br>7100.2014.0612.<br>7091.2014.0612.<br>7090.2014.0612.<br>7080.2014.0624. | VPN
BIG-IP Edge Client for MAC OS X | 6035 - 7071 | 7101.2014.0612.<br>7100.2014.0612.<br>7091.2014.0612.<br>7090.2014.0612.<br>7080.2014.0624. | VPN
BIG-IP Edge Client for Windows | 7101. - 7101.2014.0611.<br>7100. - 7100.2014.0611.<br>7091. - 7091.2014.0611.<br>7090. - 7090.2014.0611.<br>7080. - 7080.2014.0623.<br>6035 - 7071 | 7101.2014.0612.1847<br>7100.2014.0612.1847<br>7091.2014.0612.1950<br>7090.2014.0612.1853<br>7080.2014.0624.2054 | VPN (DTLS Only)
BIG-IP Edge Client for iOS | 1.0.0 - 2.0.2 | 2.0.3 | VPN
BIG-IP Edge Client for Android | 1.0.0 - 2.0.4 | 2.0.5 | VPN

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

To mitigate this vulnerability, you should consider the following recommendations: