5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.95 High
EPSS
Percentile
99.1%
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable ** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severityvalues published in the previous table. The Severityvalues and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.
BIG-IP
BIG-IP is not vulnerable to this issue in default configurations. F5 recommends that you do not enable the use of SSLv2 or EXPORT ciphers in your configuration. In addition, note the following:
BIG-IQ and Enterprise Manager
The BIG-IQ and Enterprise Manager systems are not vulnerable to this issue in default configurations. F5 recommends that you do not enable the use of SSLv2 or EXPORT ciphers in control plane configurations.
LineRate
The LineRate systems are not vulnerable to this issue in default configurations. F5 recommends that you do not enable the use of SSLv2 protocol in LineRate configurations.
Supplemental Information
Note: A DevCentral login may be required to access the previous link.
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.95 High
EPSS
Percentile
99.1%