Metric | Value
---|---
CVSS2 score | 5 (Medium)
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | NONE
Integrity Impact | PARTIAL
Availability Impact | NONE
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS | 0.013 (Low)
EPSS percentile | 84.0%

It is possible that customers using non-default SSL options could be exposed to this vulnerability in the BIG-IP LTM Configuration utility, SSL terminating virtual servers, and bundled utilities.
F5 tracked this problem as CR55070, CR55145, CR55203, CR55204, CR55283, CR55426, CR55588, and CR63465, and it was fixed in BIG-IP version 9.1.1, BIG-IP version 9.2.2, and FirePass version 6.0.0. For information about upgrading, refer to the release notes for your product and version.
BIG-IP LTM version 9.0.4
To download and install the patch, perform the following steps:
From the F5 Downloads page, download the Hotfix-BIG-IP-9.0.4-CR55070.im file to the **/var/tmp** directory on the BIG-IP LTM system.
Install the patch by typing the following command:
im Hotfix-BIG-IP-9.0.4-CR55070.im
BIG-IP LTM version 9.0.5
To download and install the patch, perform the following steps:
From the F5 Downloads page, download the Hotfix-BIG-IP-9.0.5-CR55070.im file to the **/var/tmp** directory on the BIG-IP LTM system.
Install the patch by typing the following command:
im Hotfix-BIG-IP-9.0.5-CR55070.im
BIG-IP LTM version 9.1.0
To download and install the patch, perform the following steps:
From the F5 Downloads page, download the Hotfix-BIG-IP-9.1.0-CR55070.im file to the **/var/tmp** directory on the BIG-IP LTM system.
Install the patch by typing the following command:
im Hotfix-BIG-IP-9.1.0-CR55070.im
BIG-IP LTM version 9.2.0
To download and install the patch, perform the following steps:
From the F5 Downloads page, download the Hotfix-BIG-IP-9.2.0-CR55070.im file to the **/var/tmp** directory on the BIG-IP LTM system.
Install the patch by typing the following command:
im Hotfix-BIG-IP-9.2.0-CR55070.im
FirePass versions 5.0.0 through 5.5.1
To protect FirePass against the possibility of a protocol version rollback attack, disable all protocols weaker than SSLv3/TLS using the following procedure:
Log in to the FirePass Administrative Console.
In the main navigation pane, select Device Management.
In the upper navigation pane, select Security.
In the sub-menu, select User Access Security.
Select the Accept only SSLv3 and TLS protocols (maximize security) check box.
Click the Update button.

CPE

Name | Operator | Version
---|---|---
firepass | le | 5.x
big-ip ltm | le | 9.2.0
big-ip asm | le | 9.2.0