SOL64743453 - NAT64 vulnerability CVE-2016-5745

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

**Important:** Only virtual servers that have NAT64 enabled are vulnerable.

To verify if your BIG-IP system has a virtual server with NAT64 enabled, perform the following procedure.

Verifying the NAT64 configuration

Impact of action: Performing the following procedure should not have a negative impact on your system.

1. Log in to the command line of the BIG-IP system.
2. Type the following command to verify the NAT64 configuration setting:

tmsh list ltm virtual all nat64 | grep -B 1 enabled

In the following example, the configuration for a virtual server named** example1** has NAT64 enabled:

ltm virtual example1 {
  nat64 enabled
}

Supplemental Information

• Common Vulnerability Scoring System v3.0: Specification Document

Note: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents
• SOL4602: Overview of the F5 security vulnerability response policy
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5
• SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)