1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.9%
F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.
Information about this advisory is available at the following locations:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108>
<http://openssl.org/news/patch-CVE-2007-3108.txt>
F5 Product Development tracked this issue as CR84151 for BIG-IP LTM, GTM, ASM, Link Controller and the WebAccelerator module, and it was fixed in BIG-IP versions 9.3.1 and 9.4.4. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller and WebAccelerator Release Notes.
F5 Product Development tracked this issue as CR84151 for Enterprise Manager, and it was fixed in version 1.6. For information about upgrading, refer to the Enterprise Manager Release Notes.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip link controller | le | 9.4.3 | |
big-ip gtm | le | 9.4.3 | |
big-ip webaccelerator | le | 9.4.3 | |
big-ip ltm | le | 9.4.3 | |
big-ip asm | le | 9.4.3 | |
enterprise manager | le | 1.4.1 |