CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.004 Low
Percentile: 69.3%
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.
LineRate
To mitigate this vulnerability, you can modify the sshd_config file to disable X11 forwarding. To do so, perform the following procedure:
Impact of action: This procedure requires you to modify your secure shell (SSH) configuration, and to restart the SSH service. If you do not update the configuration syntax correctly, the SSH service may fail to start. When you restart the SSH service, existing SSH sessions may be terminated. You should not perform this procedure using a remote SSH session; any mistakes may prevent further SSH access to the LineRate system.
bash
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config-SOL71960814.save
X11Forwarding no
Note: You must use the sudo command when opening your text editor, or you will not have permission to save your changes.
If there are no errors, this command should return you to the prompt.
echo $?
This echo command returns the status code of the last command you typed. The result should be 0 (zero).
Important: If either of these commands returns errors, repeat step 4 and confirm that the syntax of the modification is correct. Incorrect configuration syntax may prevent the SSH service from starting.
sudo service sshd restart
Note: Existing SSH sessions may be terminated when you restart the SSH service.
exit
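The following is an added example, not part of the F5 article: a shell function that audits an sshd_config file after the edit above and reports whether any X11Forwarding setting still takes effect as yes, including one re-enabled inside a Match block. The function names and the sample configuration are constructed for illustration, and the check assumes a single file (it does not follow Include directives).

```shell
#!/bin/sh
# Added example, not from the F5 article. Function names are hypothetical.
# Reports every X11Forwarding setting that is in effect; returns 1 if any is "yes".
x11_forwarding_audit() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); raw = line
        sub(/[ \t]*=[ \t]*/, " ", line)     # tolerate the Keyword=value form
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2]); gsub(/"/, "", val)
    }
    key == "match" { in_match = 1; ctx = raw; next }
    key == "x11forwarding" {
        if (!in_match) {
            # Outside Match blocks, sshd keeps the first value it reads.
            if (global == "") { global = val; gline = NR }
            else printf "ignored: line %d (line %d set it first)\n", NR, gline
        } else if (val == "yes") {
            # A Match block overrides the global value for matching sessions.
            printf "ENABLED: line %d inside [%s]\n", NR, ctx
            bad = 1
        }
    }
    END {
        if (global == "") print "global: unset (OpenSSH default is no)"
        else printf "global: %s (line %d)\n", global, gline
        if (global == "yes") bad = 1
        exit (bad ? 1 : 0)
    }' "${1:--}"
}

# Constructed sample: global "no", but a Match block re-enables forwarding.
x11_audit_sample() {
    cat <<'EOF'
Port 22
X11Forwarding no
Match User admin
    X11Forwarding yes
EOF
}
```

Call it as `x11_forwarding_audit /etc/ssh/sshd_config`, or pipe a configuration to it on standard input; a non-zero exit status means forwarding is still permitted somewhere in the file.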
Supplemental Information
CPE
Name | Operator | Version
---|---|---
traffix sdc | le | 5.0.0
linerate | le | 2.6.1
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html