K43404629 : F5 SSH server key size vulnerability CVE-2020-5917

2020-08-2600:00:00

my.f5.com

0.002 Low

EPSS

Percentile

53.9%

JSON

Security Advisory Description

The BIG-IP and BIG-IQ host OpenSSH servers use keys less than 2048 bits that are no longer considered secure. (CVE-2020-5917)

Impact

The BIG-IP system may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Some security scanners, such as the Qualys Scanner, recognize that the OpenSSH server uses 1024-bit digital signature algorithm (DSA) keys and reports it as vulnerable (QID 38733).

For adequate security, current best practices require 2048-bit and longer RSA keys. For more information, refer to NIST Special Publication 800-131A Revision 2: Transitioning the Use of Cryptographic Algorithms and Key Lengths.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-iq centralized managementeq8.0.0
big-ip afmeq11.5.10

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-iq centralized management	eq	8.0.0
big-ip afm	eq	11.5.10

Rows per page:

1-10 of 2901

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for F5:K43404629