7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
63.3%
Recommended Action
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.
To avoid this vulnerability, you should not use SSH protocol version 1 when establishing an SSH connecting to the SSHD service on the BIG-IP, Enterprise Manager, or BIG-IQ system.
For the SSHD service on the BIG-IP, Enterprise Manager, or BIG-IQ system, the SSHD configuration uses SSH protocol 2 by default. To avoid this vulnerability, do not modify it to use SSH protocol version 1.
To verify the current SSH protocol enabled on your BIG-IP, Enterprise Manager, or BIG-IQ system, type the following command:
grep ^Protocol /config/ssh/sshd_config
Command output for the system using only SSH protocol 2 appears similar to the following example:
Protocol 2
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html