6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
87.0%
OpenSSL 0.9.8i and earlier versions do not properly check the return value from the EVP_VerifyFinalfunction.
Information about this advisory is available at the following locations:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077>
<http://openssl.org/news/secadv_20090107.txt>
Note: These links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
F5 Product Development is tracking this issue as ID 294064 (formerly CR114792) to upgrade the version of OpenSSL used for the FirePass controller.
This is a similar vulnerability to CVE-2009-0025 and CVE-2009-0265. For information about CVE-2009-0025, refer to SOL9754: BIND 9 vulnerability CVE-2009-0025. For information about CVE-2009-0265, refer to SOL11503: BIND 9 vulnerability CVE-2009-0265.