OpenSSL vulnerability CVE-2015-3196

2015-12-04T22:11:00
ID F5:K55540723
Type f5
Reporter f5
Modified 2017-07-06T08:38:00

Description

F5 Product Development has assigned IDs 560962 and 560969 (BIG-IP) and ID 561897 and 561900 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H55540723 on the Diagnostics > Identified > Low screen.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.0.0 - 11.4.1
10.1.0 - 10.2.4| Low| OpenSSL
BIG-IP AAM| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.4.0 - 11.4.1| Low| OpenSSL
BIG-IP AFM| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.3.0 - 11.4.1| Low| OpenSSL
BIG-IP Analytics| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.0.0 - 11.4.1| Low| OpenSSL
BIG-IP APM| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.0.0 - 11.4.1
10.1.0 - 10.2.4| Low| OpenSSL
BIG-IP ASM| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.0.0 - 11.4.1
10.1.0 - 10.2.4| Low| OpenSSL
BIG-IP DNS| 12.0.0| 12.1.0
12.0.0 HF3| Low| OpenSSL
BIG-IP Edge Gateway| None| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP GTM| 11.5.0 - 11.6.1| 11.0.0 - 11.4.1
10.1.0 - 10.2.4| Low| OpenSSL
BIG-IP Link Controller| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.0.0 - 11.4.1
10.1.0 - 10.2.4| Low| OpenSSL
BIG-IP PEM| 12.0.0
11.5.0 - 11.6.1| 12.1.0
12.0.0 HF3
11.3.0 - 11.4.1| Low| OpenSSL
BIG-IP PSM| None| 11.0.0 - 11.4.1
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP WebAccelerator| None| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP WOM| None| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| Not vulnerable| None
ARX| None| 6.0.0 - 6.4.0| Not vulnerable| None
Enterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None
FirePass| None| 7.0.0
6.0.0 - 6.1.0| Not vulnerable| None
BIG-IQ Cloud| 4.4.0 - 4.5.0| 4.0.0 - 4.3.0| Low| OpenSSL
BIG-IQ Device| 4.4.0 - 4.5.0| 4.2.0 - 4.3.0| Low| OpenSSL
BIG-IQ Security| 4.4.0 - 4.5.0| 4.0.0 - 4.5.0| Low| OpenSSL
BIG-IQ ADC| 4.5.0| None| Low| OpenSSL
BIG-IQ Centralized Management| 4.6.0| 5.0.0| Low| OpenSSL
BIG-IQ Cloud and Orchestration| 1.0.0| None| Low| OpenSSL
Node.js
F5 iWorkflow| None| 2.0.0| Not vulnerable| None
LineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None
F5 WebSafe| None| 1.0.0| Not vulnerable| None
Traffix SDC| None| 4.0.0 - 4.4.0
3.3.2 - 3.5.1| Not vulnerable| None

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.