F5 Product Development has assigned ID 390322 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
---|---|---|---|
BIG-IP LTM | None | 9.4.8 | |
10.x | |||
11.x | None | ||
BIG-IP GTM | None | 9.4.8 | |
10.x | |||
11.x | None | ||
BIG-IP ASM | 10.0.0 - 10.2.4-HF3 | ||
11.0.0 - 11.0.0-HF3 | |||
11.1.0 - 11.1.0-HF4 | |||
11.2.0 - 11.2.0-HF1 | 9.4.8 | ||
10.2.4-HF4 | |||
11.0.0-HF4 | |||
11.1.0-HF5 | |||
11.2.0-HF2 | |||
11.2.1 | |||
11.3.x | Configuration utility |
BIG-IP Link Controller| None| 9.4.8
10.x
11.x| None
BIG-IP WebAccelerator| None| 9.4.8
10.x
11.x| None
BIG-IP PSM| None| 9.4.8
10.x
11.x| None
BIG-IP WOM| None| 10.x
11.x| None
BIG-IP APM| None| 10.x
11.x| None
BIG-IP Edge Gateway| None| 10.x
11.x| None
BIG-IP Analytics| None| 11.x| None
BIG-IP AFM| None| 11.x| None
BIG-IP PEM| None| 11.x| None
BIG-IP AAM| None| 11.x| None
FirePass| None| 6.x
7.x| None
Enterprise Manager| None| 2.x
3.x| None
ARX| None| 5.x
6.x| None
To eliminate this vulnerability, upgrade to a version or hotfix that is listed in the Versions known to be not vulnerable column in the previous table.
F5 would like to acknowledge Roger Wemyss with Dell SecureWorks for his efforts in identifying this issue, and for following the highest standards of responsible disclosure.