Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products.
Note: F5 has not evaluated specific versions that are not listed in this article for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.
F5 products and versions that have been evaluated for this Security Advisory
Product | Affected | Not Affected |
---|---|---|
BIG-IP LTM | None | *9.0.0 - 9.6.1, *10.0.0 - 10.2.4, 11.x |
BIG-IP GTM | None | *9.2.2 - 9.4.8, *10.0.0 - 10.2.4, 11.x |
BIG-IP ASM | None | *9.2.0 - 9.4.8, *10.0.0 - 10.2.4, 11.x |
BIG-IP Link Controller | None | *9.2.2 - 9.4.8, *10.0.0 - 10.2.4, 11.x |
BIG-IP WebAccelerator | None | *9.4.0 - 9.4.8, *10.0.0 - 10.2.4, 11.x |
BIG-IP PSM | None | *9.4.5 - 9.4.8, *10.0.0 - 10.2.4, 11.x |
BIG-IP WAN Optimization | None | *10.0.0 - 10.2.4, 11.x |
BIG-IP APM | None | *10.1.0 - 10.2.4, 11.x |
BIG-IP Edge Gateway | None | *10.1.0 - 10.2.4, 11.x |
BIG-IP Analytics | None | 11.x |
BIG-IP AFM | None | 11.x |
BIG-IP PEM | None | 11.x |
BIG-IP AAM | None | 11.x |
FirePass | None | *5.0.0 - 5.5.2, *6.0.0 - 6.1.0, *7.0.0 |
Enterprise Manager | None | *1.0.0 - 1.8.0, *2.0.0 - 2.2.0, 3.x |
ARX | None | *3.2.1 - 3.2.3, *4.0.1 - 4.1.3, *5.0.0 - 5.3.1, *6.0.0 - 6.3.0 |
However, these product versions use a version of OpenSSL that is affected by this vulnerability when the OpenSSL version is compiled and configured differently than the way F5 compiles and configures it. As a result, Nessus or other vulnerability scanners may incorrectly report these listed product versions as vulnerable to CVE-2008-7270. Nessus plugin 51892 looks beyond the banner string and actually verifies the behavior. While the plugin shows that the client can change the cipher, the client cannot change it to a disallowed cipher.
Vulnerability description
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
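The two conditions in the description (an OpenSSL version before 0.9.8j and the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabled) can be checked together when triaging a scanner finding. The following is an added example, not F5 or OpenSSL code; the function names and sample findings are hypothetical, and the option's bit value is taken from the OpenSSL 0.9.8 ssl.h header and should be confirmed against the build being assessed.

```python
import re

# Bit value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in OpenSSL 0.9.8's ssl.h
# (assumption: confirm against the headers of the build being assessed).
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008
FIXED_IN = "0.9.8j"  # from the advisory text: "OpenSSL before 0.9.8j"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Turn '0.9.8j' or 'OpenSSL 0.9.8e-fips-rhel5' into a sortable tuple.

    Pre-release tags such as 'beta1' are out of scope for this sketch.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, patch = m.groups()
    # Patch letters run a..z, then za, zb, ...; (length, letters) orders them.
    return (int(major), int(minor), int(fix), len(patch), patch)


def triage(banner, options_mask=None):
    """Classify a CVE-2008-7270 finding.

    banner: version string the scanner reported.
    options_mask: SSL_CTX options of the TLS listener if known, else None.
    """
    if parse_openssl_version(banner) >= parse_openssl_version(FIXED_IN):
        return "not affected: version includes the fix"
    if options_mask is None:
        return "unconfirmed: version predates the fix, option state unknown"
    if options_mask & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG:
        return "affected: version predates the fix and the option is enabled"
    return "false positive: option is not enabled in this build"


if __name__ == "__main__":
    findings = [  # constructed sample input, not real scan data
        ("OpenSSL 0.9.8e-fips-rhel5", 0x00000000),
        ("OpenSSL 0.9.8e", 0x00000FFF),  # constructed mask with the bug bit set
        ("OpenSSL 0.9.8i", None),
        ("OpenSSL 0.9.8za", 0x00000FFF),
    ]
    for banner, mask in findings:
        print(f"{banner:28} {triage(banner, mask)}")
```

A banner-only result lands in the "unconfirmed" class, which is the case where a version-matching scanner reports the issue without knowing how the library was built and configured.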
Information about this advisory is available at the following location:
Note: This link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.