SOL17517 - NTP vulnerability CVE-2015-7701

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To mitigate this vulnerability, you should disable NTP Autokey authentication and restrict access to NTP services. In addition, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For information about securing access to the BIG-IP system, refer to SOL13092: Overview of securing access to the BIG-IP system.

Note: NTP Autokey authentication is disabled, by default, on the BIG-IP system. For information about configuring NTP Autokey authentication, refer to your NTP documentation.

Supplemental Information

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents
• SOL4602: Overview of the F5 security vulnerability response policy
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5
• SOL14120: Defining advanced NTP configurations on the BIG-IP system (11.x - 12.x)