CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.007 Low (Percentile: 77.9%)
1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded.
Vulnerability Recommended Actions
BIG-IP 11.x
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
To mitigate this vulnerability for virtual servers, you can disable all TLS1 protocols in the SSL profile. To do so, perform the following procedure:
Impact of procedure: The following procedure should not have a negative impact on your system.
For Client SSL profiles, navigate to Local Traffic > **Profiles** > SSL > Client.
To mitigate this vulnerability for the Configuration utility, you can disable all TLS1 protocols for **httpd**. To do so, perform the following procedure:
**Impact of procedure:** Some browsers, such as Mozilla Firefox, may fail to connect to the Configuration utility with TLS1 ciphers disabled.
tmsh
list /sys httpd ssl-ciphersuite
For example, the BIG-IP 11.5.1 system displays the following cipher string:
ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2
modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!TLSv1'
save /sys config
restart /sys service httpd
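The httpd procedure above, as an added shell example that is not part of the F5 advisory: it reads the current cipher string, checks whether `!TLSv1` is already present, and prints the matching `modify` command without appending the exclusion twice. The function names and the layout of the `list /sys httpd ssl-ciphersuite` output (value on a line starting with `ssl-ciphersuite`) are assumptions; the sample output is constructed from the cipher string shown above.

```shell
#!/bin/sh
# Added example: audit the httpd cipher string and build the change command.
# Assumption: the tmsh list output carries the value on a line whose first
# field is "ssl-ciphersuite". SAMPLE_OUTPUT below is constructed.

SAMPLE_OUTPUT='sys httpd {
    ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2
}'

# extract_suite: read tmsh list output on stdin, print the bare cipher string.
extract_suite() {
    awk '$1 == "ssl-ciphersuite" { print $2; exit }' | tr -d "'\""
}

# has_tls1_disabled: succeed only if one colon-separated element is exactly
# !TLSv1, so a partial match inside another element does not count.
has_tls1_disabled() {
    case ":$1:" in
        *':!TLSv1:'*) return 0 ;;
        *) return 1 ;;
    esac
}

# harden_suite: append !TLSv1 once; an already hardened string is unchanged.
harden_suite() {
    if has_tls1_disabled "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$1:!TLSv1"
    fi
}

# modify_command: print the tmsh command using plain ASCII single quotes.
modify_command() {
    printf "modify /sys httpd ssl-ciphersuite '%s'\n" "$(harden_suite "$1")"
}

current=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_suite)
if has_tls1_disabled "$current"; then
    echo "OK: TLSv1 already excluded from httpd cipher string"
else
    echo "ACTION: run in tmsh -> $(modify_command "$current")"
fi
```

On a live system, replace the constructed sample with the real output of `tmsh list /sys httpd ssl-ciphersuite` piped into `extract_suite`, and run the check again after the httpd restart.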
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html