AI Score: 5.9 Medium (Confidence: Low)
CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.968 High (Percentile: 99.6%)
Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory
Product | Affected | Not Affected |
---|---|---|
BIG-IP LTM | None | 9.x, 10.x, 11.x |
BIG-IP GTM | None | 9.x, 10.x, 11.x |
BIG-IP ASM | None | 9.x, 10.x, 11.x |
BIG-IP Link Controller | None | 9.x, 10.x, 11.x |
BIG-IP WebAccelerator | None | 9.x, 10.x, 11.x |
BIG-IP PSM | None | 9.x, 10.x, 11.x |
BIG-IP WAN Optimization | None | 10.x, 11.x |
BIG-IP APM | None | 10.x, 11.x |
BIG-IP Edge Gateway | None | 10.x, 11.x |
BIG-IP Analytics | None | 11.x |
BIG-IP AFM | None | 11.x |
BIG-IP PEM | None | 11.x |
FirePass | 5.5.2, 6.0.0 - 6.0.2 | 5.5.0 - 5.5.1, 6.0.3, 6.1.x, 7.x |
Enterprise Manager | None | 1.x, 2.x, 3.x |
ARX | None | 2.x, 3.x, 4.x, 5.x, 6.x |

This security advisory describes a FirePass SNMP denial-of-service (DoS) vulnerability. SNMP traversing (walking) the OID branch hrSWInstalled in the MIB **HOST-RESOURCES-MIB** on the FirePass controller causes the FirePass SNMP service to crash. Since SNMP access to the FirePass controller is limited to the host(s) and/or network(s) configured by the FirePass administrator, this vulnerability can only be exploited from a trusted host. Additionally, the SNMP read-only or read-write community string configured on the FirePass controller must be known in order to exploit this vulnerability.

This SNMP vulnerability can at most cause DoS of the FirePass SNMP service and cannot cause either unprivileged access to the FirePass controller or DoS of other FirePass services.

Information about this advisory is available at the following location:

<http://www.securityfocus.com/archive/1/493950/30/0/threaded>

F5 Product Development tracked this issue as CR102185 and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the FirePass release notes.

Obtaining and installing patches

You can download patches from the F5 Downloads site for the following products and versions:

Product | Version | Hotfix |
---|---|---|
FirePass | 5.5.2 | hotfix-100973 |
FirePass | 6.0.1 | hotfix-100973 |
FirePass | 6.0.2 | hotfix-100973 |

Important: Although FirePass 5.5.0 and 5.5.1 are not affected by the SNMP vulnerability described in this security advisory, hotfix-100973 has been issued for FirePass 5.5.0 and 5.5.1 to resolve the vulnerability described in K8939: SNMPv3 HMAC verification vulnerability - CVE-2008-0960 - VU#878044.

Note: For more information about installing the hotfixes listed above, refer to the readme file on the F5 Downloads site for your version-specific hotfix.

For information about downloading software, refer to K167: Downloading software from F5 Networks.

Workaround

You can reduce the likelihood of this issue by ensuring that the Accessed from fields on the Device Management : Configuration : SNMP page contain only trusted hosts and networks. The Accessed from fields are located in the Access Control section of the Device Management : Configuration : SNMP page.

If you do not use the FirePass SNMP agent, you can work around this issue by disabling the SNMP agent. To do so, perform the following procedure:

If you are running FirePass 5.x, clear the Run SNMP agent on port check box.
4. At the bottom of the page, click Submit.