F5 Product Development has assigned ID 572495 (BIG-IP) to this vulnerability. Additionally, BIG-IP iHealth may list Heuristic H19784568 on the Diagnostics > Identified > High page.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature |
---|---|---|---|---|
BIG-IP LTM | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹, 11.2.1¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2, 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP AAM | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2 | High | Virtual servers with TCP profile |
BIG-IP AFM | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2 | High | Virtual servers with TCP profile |
BIG-IP Analytics | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹, 11.2.1¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2, 11.2.1 HF16 | High | Virtual servers with TCP profile |
BIG-IP APM | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹, 11.2.1¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2, 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP ASM | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹, 11.2.1¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2, 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP DNS | 12.0.0¹ | 12.1.0, 12.0.0 HF3 | High | Virtual servers with TCP profile |
BIG-IP Edge Gateway | 11.2.1¹ | 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP GTM | 11.6.0¹, 11.4.0 - 11.5.4¹, 11.2.1¹ | 11.6.1, 11.5.4 HF2, 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP Link Controller | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹, 11.2.1¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2, 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP PEM | 12.0.0¹, 11.6.0¹, 11.4.0 - 11.5.4¹ | 12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2 | High | Virtual servers with TCP profile |
BIG-IP PSM | 11.4.0 - 11.4.1¹, 11.2.1¹ | 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
BIG-IP WebAccelerator | 11.2.1¹ | 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
F5 WebSafe | None | None | Not vulnerable | None |
BIG-IP WOM | 11.2.1¹ | 11.2.1 HF16, 10.2.1 - 10.2.4 | High | Virtual servers with TCP profile |
ARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None |
Enterprise Manager | None | 3.1.1 | Not vulnerable | None |
FirePass | None | 7.0.0 | Not vulnerable | None |
BIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None |
BIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None |
BIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None |
BIG-IQ ADC | None | 4.5.0 | Not vulnerable | None |
BIG-IQ Centralized Management | None | 5.0.0 | Not vulnerable | None |
BIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None |
F5 iWorkflow | None | 2.0.0 | Not vulnerable | None |
LineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None |
Traffix SDC | None | 5.0.0, 4.0.0 - 4.4.0 | Not vulnerable | None |

¹ The BIG-IP system has increased exposure to the vulnerability if the system meets the following criteria:
Note: Changing the settings in the affected TCP profile to not match the values previously described does not mitigate the vulnerability.
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
Mitigation
There is no mitigation for this vulnerability.