6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.011 Low
EPSS
Percentile
82.9%
Vulnerability Recommended Actions
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
To mitigate this vulnerability for the BIG-IP and Enterprise Manager systems, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer toΓ SOL13309: Restricting access to the Configuration utility by source IP address (11.x) andΓ SOL13092: Overview of securing access to the BIG-IP system.
Additionally, for the Enterprise Manager system, you should not enable the Remote Access feature to provide remote access to the statistical database. If you have enabled the Remote Access feature, you should disable it by performing the following procedure:
Disabling the Remote Access feature
Impact of action: Remote access to the MySQL statistical database will no longer be allowed.
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html