Lucene search

K
f5F5SOL16920
HistoryJul 07, 2015 - 12:00 a.m.

SOL16920 - OpenSSL vulnerability CVE-2014-8176

2015-07-0700:00:00
support.f5.com
20

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.0%

  • The failover.secure system database variable is only available in BIG-IP 11.5.0 and later, and is disabled by default. However, Common Criteria mode enables thefailover.secure database variable.

**The BIG-IP Edge Client system will be vulnerable only when connected to a malicious server.

Vulnerability Recommended Actions

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

BIG-IP

To mitigate this vulnerability for vulnerable BIG-IP versions, you can disable the failover.secure system database variable to prevent exposure. For UDP virtual servers using Client SSL or Server SSL profiles, the system is only vulnerable to this issue when configured with COMPAT ciphers.

For more information about SSL profiles and cipher configuration, refer to the following articles:

  • SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings
  • SOL13171: Configuring the cipher strength for SSL profiles (11.x)

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL4602: Overview of the F5 security vulnerability response policy
  • SOL167: Downloading software and firmware from F5
  • SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
  • SOL9502: BIG-IP hotfix matrix

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.0%