F5F5:K8108K8108 : OpenSSL vulnerability CVE-2007-3108
9.2 High
AI Score
Confidence
High
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.3%
Security Advisory Description
Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.
F5 products and versions that have been evaluated for this Security Advisory
| Product | Affected | Not Affected |
|---|---|---|
| BIG-IP LTM | 9.0.0 - 9.2.5 | |
| 9.3.0 | ||
| 9.4.0 - 9.4.3 | 9.3.1 | |
| 9.4.4 - 9.4.8 | ||
| 9.6.x | ||
| 10.x | ||
| 11.x | ||
| BIG-IP GTM | 9.2.2 - 9.2.5 | |
| 9.3.0 | ||
| 9.4.0 - 9.4.3 | 9.3.1 | |
| 9.4.4 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP ASM | 9.2.0 - 9.2.5 | |
| 9.3.0 | ||
| 9.4.0 - 9.4.3 | 9.3.1 | |
| 9.4.4 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP Link Controller | 9.2.2 - 9.2.5 | |
| 9.3.0 | ||
| 9.4.0 - 9.4.3 | 9.3.1 | |
| 9.4.4 - 9.4.8 | ||
| 10.x | ||
| 11.x | ||
| BIG-IP WebAccelerator | 9.4.0 - 9.4.3 | 9.4.4 - 9.4.8 |
| 10.x | ||
| 11.x | ||
| BIG-IP PSM | None | 9.4.5 - 9.4.8 |
| 10.x | ||
| 11.x | ||
| BIG-IP WAN Optimization | None | 10.x |
| 11.x | ||
| BIG-IP APM | None | 10.x |
| 11.x | ||
| BIG-IP Edge Gateway | None | 10.x |
| 11.x | ||
| BIG-IP Analytics | None | 11.x |
| BIG-IP AFM | None | 11.x |
| BIG-IP PEM | None | 11.x |
| FirePass | None | 3.x |
| 4.x | ||
| 5.x | ||
| 6.x | ||
| 7.x | ||
| Enterprise Manager | 1.0.0 - 1.4.1 | 1.6.0 - 1.8.0 |
| 2.x | ||
| 3.x |
Vulnerability description and product information
F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.
Information about this advisory is available at the following locations:
<https://vulners.com/cve/CVE-2007-3108>
F5 Product Development tracked this issue as CR84151 for BIG-IP LTM, GTM, ASM, Link Controller and the WebAccelerator module, and it was fixed in BIG-IP versions 9.3.1 and 9.4.4. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator Release Notes.
F5 Product Development tracked this issue as CR84151 for Enterprise Manager, and it was fixed in version 1.6. For information about upgrading, refer to the Enterprise Manager Release Notes.
Related
9.2 High
AI Score
Confidence
High
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.3%